Update rust.yml #18
Merged
Update rust.yml #18
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
lb-anssi
added a commit
that referenced
this pull request
Mar 31, 2023
lb-anssi
added a commit
that referenced
this pull request
Apr 3, 2023
Update rust.yml (#18) Fixed github workflow Github CI: added libsoup Github CI: changed libsoup version Github worflow: fixed typo in dependencies Github workflow: added javascript dependency Github workflow: added webkit dependency
lb-anssi
added a commit
that referenced
this pull request
Apr 3, 2023
Update rust.yml (#18) Fixed github workflow Github CI: added libsoup Github CI: changed libsoup version Github worflow: fixed typo in dependencies Github workflow: added javascript dependency Github workflow: added webkit dependency
r3dlight
added a commit
that referenced
this pull request
Jun 21, 2023
* Improved cert generation from csr * Documentation addition * Propagated API change to admin * X509: PKI code refactoring (clippy, doc) PKI refactoring Clippy improvements * Addition of hybrid keypair loading * Passed cargo fmt * X509: Fix Github CI workflow Update rust.yml (#18) Fixed github workflow Github CI: added libsoup Github CI: changed libsoup version Github worflow: fixed typo in dependencies Github workflow: added javascript dependency Github workflow: added webkit dependency * X509: fix keysas-out use of PKI * Enrolment: Generate private keys on the station * Rework of private key generation in keysas-sign to use the utility functions in the PKI crate. * Added oqs initialisation to all function in PKI crate * Cleanup cargo manifest in keysas-sign * Enrolment: Added certificate saving to keysas-sign * Fixe of save function in keysas-sign * WIP - Addition of certificate validation in PKI * Keysas-admin: added station enrolment * Implementation of station enrolment in admin * Fix generate signing keys in station * Fix Rdn generation * General code cleanup * Addition of tauri dist directory * File signing: keysas-sign code cleanup and doc * File signing: added tests and doc * Cleaning up the code * Add SDPX headers + remove feature * Format * Validate hybrid signature from certs * oqs: use only dilithium feature * Remove minisign crate * Feature became stable * Add usb signing functions * Remove tauri plugin store * Add libs for signing device * Start modifying keysas-admin to locally sign usb devices * Fix overflowing serial number * Bump version to 0.2.0 * Bump version to 0.2.0 * Serial are now arrays of 20 bytes * Update deps + improve pki creation * Add USB device hybrid signing functionnality * Add delete keysas station function * Display the PKI information: - Add Serialize to CertificateField; - UX improvement. * Update home + improve UX * Add Revoke USB device * Add check for PKI password length * Rename few componants * Bump version * Check that country is < 2 chars long * Bump version * Improve UX * Improve HELP for adding a station * Rename componant AddForm into AddStation * Fox is_alive to be async * Update comments * Remove std features for oqs * Remove pretty format for digest computation * Windows: Initial commit for the driver * Added simple communication between driver and app * Windows: restructured project * Separation of the user space app in a daemon with admin level and GUI * Separation of the driver in smaller modules * Started the addition of context support in the driver * Improved the communication between the driver and the daemon * Improved context management * Implemented file validation by the user * Improved list of create call filtered * Started file validation * Run analysis on driver and initialized tray app * Continued file verification * Validated file reports * Added first window to tray app * Cleaned driver and service code * Update windows GUI * Fixed dalek version * Update keysas-lib dependencies versions * Renamed USB firewall folder * Fix function signatures + tests * BEGIN: Fixing frontend for reading reports * Fix bind_and_sign() tests and set the signature optional if keys are not found * Fix const paths bugs * handle ws upgrade * handle ws upgrade * Fix paths for PKI creation * Update some logs + stay async as much as possible * Fix GNU/Linux paths for key generation * Fix stations online status * UX: color update on homepage + remove useless method * Set some functions in async mode * Print some feedback to final user while creating a new PKI * Clear the password as soon as used * Downgrade time crate to match tauri pinning :( * Update deprecated method add to insert * Add tests file * Import mod tests * Add new empty arg to match signature * Add dev-dependencies + update yara * Downgrade logger crate to match tauri pinning :( * Change const paths for windows * Bump tungstenite crate * Tests fix (#25) * Fix bind_and_sign() tests and set the signature optional if keys are not found * Fix const paths bugs * handle ws upgrade * handle ws upgrade * Fix paths for PKI creation * Update some logs + stay async as much as possible * Fix GNU/Linux paths for key generation * Fix stations online status * UX: color update on homepage + remove useless method * Set some functions in async mode * Print some feedback to final user while creating a new PKI * Clear the password as soon as used * Downgrade time crate to match tauri pinning :( * Update deprecated method add to insert * Add tests file * Import mod tests * Add new empty arg to match signature * Add dev-dependencies + update yara * Downgrade logger crate to match tauri pinning :( * Change const paths for windows * Bump tungstenite crate * Bump criterion * Update windows pzaths and clean useless fn * cargo fmt * Add delete PKI functionnality * Handle errors when cannot parse signature * Install sudoers config for keysas-admin * Update install/uninstall scripts with sudoers config * Restart keysas instead of keysas-out (socket broken) * Remove useless import * remove old diode paths * Fix some clippy warnings * Update log message * Add base64 + bump some crates * Get the signature size and decode both signatures * Add some debug logs * Bump simple logger crate * Clean up useless fn * Fix: remove unwanted b64 decode * Handle bad password error in UX * Update installation process for Tauri * UX: add some verbosity for admin * Update readme * Remove std feature for Windows * Rename component to keysas * Update dependencies * Rename component to keysas in App * Start rewriting wizard-fr * Temporary removing rejected files * Update Help/Quick start procedure * Update id tag * Add const for paths and update ip parsing * Fix ipaddr for eth|enp style * Remove useless comment * Fix install/uninstall binaries * Fix install/uninstall binaries: restart clamd * Switch to Bookworm install * Fix install of sudo rules * Update rust.yml - Freeze toolchain for loopdev * Temporary patching devloop til the next release * Switch back to nightly toolchain * Update README with nightly toolchain installation * Bump ubuntu pkg to libyara9 * Removing workflow for now: Ubuntu kinetic not supported * Removing workflow for now: Ubuntu kinetic not supported --------- Co-authored-by: lb-anssi <[email protected]> Co-authored-by: lb-anssi <[email protected]>
r3dlight
added a commit
that referenced
this pull request
Jun 26, 2023
* Improved cert generation from csr * Documentation addition * Propagated API change to admin * X509: PKI code refactoring (clippy, doc) PKI refactoring Clippy improvements * Addition of hybrid keypair loading * Passed cargo fmt * X509: Fix Github CI workflow Update rust.yml (#18) Fixed github workflow Github CI: added libsoup Github CI: changed libsoup version Github worflow: fixed typo in dependencies Github workflow: added javascript dependency Github workflow: added webkit dependency * X509: fix keysas-out use of PKI * Enrolment: Generate private keys on the station * Rework of private key generation in keysas-sign to use the utility functions in the PKI crate. * Added oqs initialisation to all function in PKI crate * Cleanup cargo manifest in keysas-sign * Enrolment: Added certificate saving to keysas-sign * Fixe of save function in keysas-sign * WIP - Addition of certificate validation in PKI * Keysas-admin: added station enrolment * Implementation of station enrolment in admin * Fix generate signing keys in station * Fix Rdn generation * General code cleanup * Addition of tauri dist directory * File signing: keysas-sign code cleanup and doc * File signing: added tests and doc * Cleaning up the code * Add SDPX headers + remove feature * Format * Validate hybrid signature from certs * oqs: use only dilithium feature * Remove minisign crate * Feature became stable * Add usb signing functions * Remove tauri plugin store * Add libs for signing device * Start modifying keysas-admin to locally sign usb devices * Fix overflowing serial number * Bump version to 0.2.0 * Bump version to 0.2.0 * Serial are now arrays of 20 bytes * Update deps + improve pki creation * Add USB device hybrid signing functionnality * Add delete keysas station function * Display the PKI information: - Add Serialize to CertificateField; - UX improvement. * Update home + improve UX * Add Revoke USB device * Add check for PKI password length * Rename few componants * Bump version * Check that country is < 2 chars long * Bump version * Improve UX * Improve HELP for adding a station * Rename componant AddForm into AddStation * Fox is_alive to be async * Update comments * Remove std features for oqs * Remove pretty format for digest computation * Windows: Initial commit for the driver * Added simple communication between driver and app * Windows: restructured project * Separation of the user space app in a daemon with admin level and GUI * Separation of the driver in smaller modules * Started the addition of context support in the driver * Improved the communication between the driver and the daemon * Improved context management * Implemented file validation by the user * Improved list of create call filtered * Started file validation * Run analysis on driver and initialized tray app * Continued file verification * Validated file reports * Added first window to tray app * Cleaned driver and service code * Update windows GUI * Fixed dalek version * Update keysas-lib dependencies versions * Renamed USB firewall folder * Fix function signatures + tests * BEGIN: Fixing frontend for reading reports * Fix bind_and_sign() tests and set the signature optional if keys are not found * Fix const paths bugs * handle ws upgrade * handle ws upgrade * Fix paths for PKI creation * Update some logs + stay async as much as possible * Fix GNU/Linux paths for key generation * Fix stations online status * UX: color update on homepage + remove useless method * Set some functions in async mode * Print some feedback to final user while creating a new PKI * Clear the password as soon as used * Downgrade time crate to match tauri pinning :( * Update deprecated method add to insert * Add tests file * Import mod tests * Add new empty arg to match signature * Add dev-dependencies + update yara * Downgrade logger crate to match tauri pinning :( * Change const paths for windows * Bump tungstenite crate * Tests fix (#25) * Fix bind_and_sign() tests and set the signature optional if keys are not found * Fix const paths bugs * handle ws upgrade * handle ws upgrade * Fix paths for PKI creation * Update some logs + stay async as much as possible * Fix GNU/Linux paths for key generation * Fix stations online status * UX: color update on homepage + remove useless method * Set some functions in async mode * Print some feedback to final user while creating a new PKI * Clear the password as soon as used * Downgrade time crate to match tauri pinning :( * Update deprecated method add to insert * Add tests file * Import mod tests * Add new empty arg to match signature * Add dev-dependencies + update yara * Downgrade logger crate to match tauri pinning :( * Change const paths for windows * Bump tungstenite crate * Bump criterion * Update windows pzaths and clean useless fn * cargo fmt * Add delete PKI functionnality * Handle errors when cannot parse signature * Install sudoers config for keysas-admin * Update install/uninstall scripts with sudoers config * Restart keysas instead of keysas-out (socket broken) * Remove useless import * remove old diode paths * Fix some clippy warnings * Update log message * Add base64 + bump some crates * Get the signature size and decode both signatures * Add some debug logs * Bump simple logger crate * Clean up useless fn * Fix: remove unwanted b64 decode * Handle bad password error in UX * Update installation process for Tauri * UX: add some verbosity for admin * Update readme * Remove std feature for Windows * Rename component to keysas * Update dependencies * Rename component to keysas in App * Start rewriting wizard-fr * Temporary removing rejected files * Update Help/Quick start procedure * Update id tag * Add const for paths and update ip parsing * Fix ipaddr for eth|enp style * Remove useless comment * Fix install/uninstall binaries * Fix install/uninstall binaries: restart clamd * Switch to Bookworm install * Fix install of sudo rules * Update rust.yml - Freeze toolchain for loopdev * Temporary patching devloop til the next release * Switch back to nightly toolchain * Update README with nightly toolchain installation * Bump ubuntu pkg to libyara9 * Removing workflow for now: Ubuntu kinetic not supported * Removing workflow for now: Ubuntu kinetic not supported * Error handling for new Dilithium5 signature * Bugfix in install * Update mode to dev * Update error msg for websocket --------- Co-authored-by: lb-anssi <[email protected]> Co-authored-by: lb-anssi <[email protected]>
r3dlight
added a commit
that referenced
this pull request
Jul 12, 2023
* Improved cert generation from csr * Documentation addition * Propagated API change to admin * X509: PKI code refactoring (clippy, doc) PKI refactoring Clippy improvements * Addition of hybrid keypair loading * Passed cargo fmt * X509: Fix Github CI workflow Update rust.yml (#18) Fixed github workflow Github CI: added libsoup Github CI: changed libsoup version Github worflow: fixed typo in dependencies Github workflow: added javascript dependency Github workflow: added webkit dependency * X509: fix keysas-out use of PKI * Enrolment: Generate private keys on the station * Rework of private key generation in keysas-sign to use the utility functions in the PKI crate. * Added oqs initialisation to all function in PKI crate * Cleanup cargo manifest in keysas-sign * Enrolment: Added certificate saving to keysas-sign * Fixe of save function in keysas-sign * WIP - Addition of certificate validation in PKI * Keysas-admin: added station enrolment * Implementation of station enrolment in admin * Fix generate signing keys in station * Fix Rdn generation * General code cleanup * Addition of tauri dist directory * File signing: keysas-sign code cleanup and doc * File signing: added tests and doc * Cleaning up the code * Add SDPX headers + remove feature * Format * Validate hybrid signature from certs * oqs: use only dilithium feature * Remove minisign crate * Feature became stable * Add usb signing functions * Remove tauri plugin store * Add libs for signing device * Start modifying keysas-admin to locally sign usb devices * Fix overflowing serial number * Bump version to 0.2.0 * Bump version to 0.2.0 * Serial are now arrays of 20 bytes * Update deps + improve pki creation * Add USB device hybrid signing functionnality * Add delete keysas station function * Display the PKI information: - Add Serialize to CertificateField; - UX improvement. * Update home + improve UX * Add Revoke USB device * Add check for PKI password length * Rename few componants * Bump version * Check that country is < 2 chars long * Bump version * Improve UX * Improve HELP for adding a station * Rename componant AddForm into AddStation * Fox is_alive to be async * Update comments * Remove std features for oqs * Remove pretty format for digest computation * Windows: Initial commit for the driver * Added simple communication between driver and app * Windows: restructured project * Separation of the user space app in a daemon with admin level and GUI * Separation of the driver in smaller modules * Started the addition of context support in the driver * Improved the communication between the driver and the daemon * Improved context management * Implemented file validation by the user * Improved list of create call filtered * Started file validation * Run analysis on driver and initialized tray app * Continued file verification * Validated file reports * Added first window to tray app * Cleaned driver and service code * Update windows GUI * Fixed dalek version * Update keysas-lib dependencies versions * Renamed USB firewall folder * Fix function signatures + tests * BEGIN: Fixing frontend for reading reports * Fix bind_and_sign() tests and set the signature optional if keys are not found * Fix const paths bugs * handle ws upgrade * handle ws upgrade * Fix paths for PKI creation * Update some logs + stay async as much as possible * Fix GNU/Linux paths for key generation * Fix stations online status * UX: color update on homepage + remove useless method * Set some functions in async mode * Print some feedback to final user while creating a new PKI * Clear the password as soon as used * Downgrade time crate to match tauri pinning :( * Update deprecated method add to insert * Add tests file * Import mod tests * Add new empty arg to match signature * Add dev-dependencies + update yara * Downgrade logger crate to match tauri pinning :( * Change const paths for windows * Bump tungstenite crate * Tests fix (#25) * Fix bind_and_sign() tests and set the signature optional if keys are not found * Fix const paths bugs * handle ws upgrade * handle ws upgrade * Fix paths for PKI creation * Update some logs + stay async as much as possible * Fix GNU/Linux paths for key generation * Fix stations online status * UX: color update on homepage + remove useless method * Set some functions in async mode * Print some feedback to final user while creating a new PKI * Clear the password as soon as used * Downgrade time crate to match tauri pinning :( * Update deprecated method add to insert * Add tests file * Import mod tests * Add new empty arg to match signature * Add dev-dependencies + update yara * Downgrade logger crate to match tauri pinning :( * Change const paths for windows * Bump tungstenite crate * Bump criterion * Update windows pzaths and clean useless fn * cargo fmt * Add delete PKI functionnality * Handle errors when cannot parse signature * Install sudoers config for keysas-admin * Update install/uninstall scripts with sudoers config * Restart keysas instead of keysas-out (socket broken) * Remove useless import * remove old diode paths * Fix some clippy warnings * Update log message * Add base64 + bump some crates * Get the signature size and decode both signatures * Add some debug logs * Bump simple logger crate * Clean up useless fn * Fix: remove unwanted b64 decode * Handle bad password error in UX * Update installation process for Tauri * UX: add some verbosity for admin * Update readme * Remove std feature for Windows * Rename component to keysas * Update dependencies * Rename component to keysas in App * Start rewriting wizard-fr * Temporary removing rejected files * Update Help/Quick start procedure * Update id tag * Add const for paths and update ip parsing * Fix ipaddr for eth|enp style * Remove useless comment * Fix install/uninstall binaries * Fix install/uninstall binaries: restart clamd * Switch to Bookworm install * Fix install of sudo rules * Update rust.yml - Freeze toolchain for loopdev * Temporary patching devloop til the next release * Switch back to nightly toolchain * Update README with nightly toolchain installation * Bump ubuntu pkg to libyara9 * Removing workflow for now: Ubuntu kinetic not supported * Removing workflow for now: Ubuntu kinetic not supported * Error handling for new Dilithium5 signature * Bugfix in install * Update mode to dev * Update error msg for websocket * Better error handling * Add seccomp sandbox for keysas-in * Add seccomp sandbox for keysas-in into main * Add seccomp sandbox for keysas-transit * Cargo format * Add seccomp to keysas-out + fix anyhow::Result * Trying to avoid links * Catch active keyword for regex daemon status * First patch for aarch64 syscallz * Set unlink only for x86_64 * dup3 is called on aarch64 instead of dup2 * Add missing syscall for keysas-out * Add seccomp architectures supported * Allow forgetting reference * Move landlock functions into sandbox.rs * Fix clippy warnings * Fix more clippy warnings * Remove useless options * Ignore compiled documentation directory * WIP: update user documentation * WIP: update user documentation * WIP: update user documentation * WIP: update user documentation * WIP: update user documentation * WIP: update user documentation * WIP: update user documentation * WIP: update user documentation * WIP: update user documentation * Improve README clarity * Update documentation: fix typo * Hide load PKI as it is not implemented yet * Rm useless picture * Rm useless pictures * Updated Keysas logo * Updated logo in doc --------- Co-authored-by: lb-anssi <[email protected]> Co-authored-by: lb-anssi <[email protected]>
r3dlight
added a commit
that referenced
this pull request
Jul 13, 2023
* Improved cert generation from csr * Documentation addition * Propagated API change to admin * X509: PKI code refactoring (clippy, doc) PKI refactoring Clippy improvements * Addition of hybrid keypair loading * Passed cargo fmt * X509: Fix Github CI workflow Update rust.yml (#18) Fixed github workflow Github CI: added libsoup Github CI: changed libsoup version Github worflow: fixed typo in dependencies Github workflow: added javascript dependency Github workflow: added webkit dependency * X509: fix keysas-out use of PKI * Enrolment: Generate private keys on the station * Rework of private key generation in keysas-sign to use the utility functions in the PKI crate. * Added oqs initialisation to all function in PKI crate * Cleanup cargo manifest in keysas-sign * Enrolment: Added certificate saving to keysas-sign * Fixe of save function in keysas-sign * WIP - Addition of certificate validation in PKI * Keysas-admin: added station enrolment * Implementation of station enrolment in admin * Fix generate signing keys in station * Fix Rdn generation * General code cleanup * Addition of tauri dist directory * File signing: keysas-sign code cleanup and doc * File signing: added tests and doc * Cleaning up the code * Add SDPX headers + remove feature * Format * Validate hybrid signature from certs * oqs: use only dilithium feature * Remove minisign crate * Feature became stable * Add usb signing functions * Remove tauri plugin store * Add libs for signing device * Start modifying keysas-admin to locally sign usb devices * Fix overflowing serial number * Bump version to 0.2.0 * Bump version to 0.2.0 * Serial are now arrays of 20 bytes * Update deps + improve pki creation * Add USB device hybrid signing functionnality * Add delete keysas station function * Display the PKI information: - Add Serialize to CertificateField; - UX improvement. * Update home + improve UX * Add Revoke USB device * Add check for PKI password length * Rename few componants * Bump version * Check that country is < 2 chars long * Bump version * Improve UX * Improve HELP for adding a station * Rename componant AddForm into AddStation * Fox is_alive to be async * Update comments * Remove std features for oqs * Remove pretty format for digest computation * Windows: Initial commit for the driver * Added simple communication between driver and app * Windows: restructured project * Separation of the user space app in a daemon with admin level and GUI * Separation of the driver in smaller modules * Started the addition of context support in the driver * Improved the communication between the driver and the daemon * Improved context management * Implemented file validation by the user * Improved list of create call filtered * Started file validation * Run analysis on driver and initialized tray app * Continued file verification * Validated file reports * Added first window to tray app * Cleaned driver and service code * Update windows GUI * Fixed dalek version * Update keysas-lib dependencies versions * Renamed USB firewall folder * Fix function signatures + tests * BEGIN: Fixing frontend for reading reports * Fix bind_and_sign() tests and set the signature optional if keys are not found * Fix const paths bugs * handle ws upgrade * handle ws upgrade * Fix paths for PKI creation * Update some logs + stay async as much as possible * Fix GNU/Linux paths for key generation * Fix stations online status * UX: color update on homepage + remove useless method * Set some functions in async mode * Print some feedback to final user while creating a new PKI * Clear the password as soon as used * Downgrade time crate to match tauri pinning :( * Update deprecated method add to insert * Add tests file * Import mod tests * Add new empty arg to match signature * Add dev-dependencies + update yara * Downgrade logger crate to match tauri pinning :( * Change const paths for windows * Bump tungstenite crate * Tests fix (#25) * Fix bind_and_sign() tests and set the signature optional if keys are not found * Fix const paths bugs * handle ws upgrade * handle ws upgrade * Fix paths for PKI creation * Update some logs + stay async as much as possible * Fix GNU/Linux paths for key generation * Fix stations online status * UX: color update on homepage + remove useless method * Set some functions in async mode * Print some feedback to final user while creating a new PKI * Clear the password as soon as used * Downgrade time crate to match tauri pinning :( * Update deprecated method add to insert * Add tests file * Import mod tests * Add new empty arg to match signature * Add dev-dependencies + update yara * Downgrade logger crate to match tauri pinning :( * Change const paths for windows * Bump tungstenite crate * Bump criterion * Update windows pzaths and clean useless fn * cargo fmt * Add delete PKI functionnality * Handle errors when cannot parse signature * Install sudoers config for keysas-admin * Update install/uninstall scripts with sudoers config * Restart keysas instead of keysas-out (socket broken) * Remove useless import * remove old diode paths * Fix some clippy warnings * Update log message * Add base64 + bump some crates * Get the signature size and decode both signatures * Add some debug logs * Bump simple logger crate * Clean up useless fn * Fix: remove unwanted b64 decode * Handle bad password error in UX * Update installation process for Tauri * UX: add some verbosity for admin * Update readme * Remove std feature for Windows * Rename component to keysas * Update dependencies * Rename component to keysas in App * Start rewriting wizard-fr * Temporary removing rejected files * Update Help/Quick start procedure * Update id tag * Add const for paths and update ip parsing * Fix ipaddr for eth|enp style * Remove useless comment * Fix install/uninstall binaries * Fix install/uninstall binaries: restart clamd * Switch to Bookworm install * Fix install of sudo rules * Update rust.yml - Freeze toolchain for loopdev * Temporary patching devloop til the next release * Switch back to nightly toolchain * Update README with nightly toolchain installation * Bump ubuntu pkg to libyara9 * Removing workflow for now: Ubuntu kinetic not supported * Removing workflow for now: Ubuntu kinetic not supported * Error handling for new Dilithium5 signature * Bugfix in install * Update mode to dev * Update error msg for websocket * Better error handling * Add seccomp sandbox for keysas-in * Add seccomp sandbox for keysas-in into main * Add seccomp sandbox for keysas-transit * Cargo format * Add seccomp to keysas-out + fix anyhow::Result * Trying to avoid links * Catch active keyword for regex daemon status * First patch for aarch64 syscallz * Set unlink only for x86_64 * dup3 is called on aarch64 instead of dup2 * Add missing syscall for keysas-out * Add seccomp architectures supported * Allow forgetting reference * Move landlock functions into sandbox.rs * Fix clippy warnings * Fix more clippy warnings * Remove useless options * Ignore compiled documentation directory * WIP: update user documentation * WIP: update user documentation * WIP: update user documentation * WIP: update user documentation * WIP: update user documentation * WIP: update user documentation * WIP: update user documentation * WIP: update user documentation * WIP: update user documentation * Improve README clarity * Update documentation: fix typo * Hide load PKI as it is not implemented yet * Rm useless picture * Rm useless pictures * Updated Keysas logo * Updated logo in doc * Add resolver version 2 --------- Co-authored-by: lb-anssi <[email protected]> Co-authored-by: lb-anssi <[email protected]>
r3dlight
added a commit
that referenced
this pull request
Jul 31, 2023
* Rebase windows branch on Develop * Addition of library for IPC * Addition of driver for USB device filtering * Fixed mailslot from HMI to daemon * Release v2.0 (#32) * Improved cert generation from csr * Documentation addition * Propagated API change to admin * X509: PKI code refactoring (clippy, doc) PKI refactoring Clippy improvements * Addition of hybrid keypair loading * Passed cargo fmt * X509: Fix Github CI workflow Update rust.yml (#18) Fixed github workflow Github CI: added libsoup Github CI: changed libsoup version Github worflow: fixed typo in dependencies Github workflow: added javascript dependency Github workflow: added webkit dependency * X509: fix keysas-out use of PKI * Enrolment: Generate private keys on the station * Rework of private key generation in keysas-sign to use the utility functions in the PKI crate. * Added oqs initialisation to all function in PKI crate * Cleanup cargo manifest in keysas-sign * Enrolment: Added certificate saving to keysas-sign * Fixe of save function in keysas-sign * WIP - Addition of certificate validation in PKI * Keysas-admin: added station enrolment * Implementation of station enrolment in admin * Fix generate signing keys in station * Fix Rdn generation * General code cleanup * Addition of tauri dist directory * File signing: keysas-sign code cleanup and doc * File signing: added tests and doc * Cleaning up the code * Add SDPX headers + remove feature * Format * Validate hybrid signature from certs * oqs: use only dilithium feature * Remove minisign crate * Feature became stable * Add usb signing functions * Remove tauri plugin store * Add libs for signing device * Start modifying keysas-admin to locally sign usb devices * Fix overflowing serial number * Bump version to 0.2.0 * Bump version to 0.2.0 * Serial are now arrays of 20 bytes * Update deps + improve pki creation * Add USB device hybrid signing functionnality * Add delete keysas station function * Display the PKI information: - Add Serialize to CertificateField; - UX improvement. * Update home + improve UX * Add Revoke USB device * Add check for PKI password length * Rename few componants * Bump version * Check that country is < 2 chars long * Bump version * Improve UX * Improve HELP for adding a station * Rename componant AddForm into AddStation * Fox is_alive to be async * Update comments * Remove std features for oqs * Remove pretty format for digest computation * Windows: Initial commit for the driver * Added simple communication between driver and app * Windows: restructured project * Separation of the user space app in a daemon with admin level and GUI * Separation of the driver in smaller modules * Started the addition of context support in the driver * Improved the communication between the driver and the daemon * Improved context management * Implemented file validation by the user * Improved list of create call filtered * Started file validation * Run analysis on driver and initialized tray app * Continued file verification * Validated file reports * Added first window to tray app * Cleaned driver and service code * Update windows GUI * Fixed dalek version * Update keysas-lib dependencies versions * Renamed USB firewall folder * Fix function signatures + tests * BEGIN: Fixing frontend for reading reports * Fix bind_and_sign() tests and set the signature optional if keys are not found * Fix const paths bugs * handle ws upgrade * handle ws upgrade * Fix paths for PKI creation * Update some logs + stay async as much as possible * Fix GNU/Linux paths for key generation * Fix stations online status * UX: color update on homepage + remove useless method * Set some functions in async mode * Print some feedback to final user while creating a new PKI * Clear the password as soon as used * Downgrade time crate to match tauri pinning :( * Update deprecated method add to insert * Add tests file * Import mod tests * Add new empty arg to match signature * Add dev-dependencies + update yara * Downgrade logger crate to match tauri pinning :( * Change const paths for windows * Bump tungstenite crate * Tests fix (#25) * Fix bind_and_sign() tests and set the signature optional if keys are not found * Fix const paths bugs * handle ws upgrade * handle ws upgrade * Fix paths for PKI creation * Update some logs + stay async as much as possible * Fix GNU/Linux paths for key generation * Fix stations online status * UX: color update on homepage + remove useless method * Set some functions in async mode * Print some feedback to final user while creating a new PKI * Clear the password as soon as used * Downgrade time crate to match tauri pinning :( * Update deprecated method add to insert * Add tests file * Import mod tests * Add new empty arg to match signature * Add dev-dependencies + update yara * Downgrade logger crate to match tauri pinning :( * Change const paths for windows * Bump tungstenite crate * Bump criterion * Update windows pzaths and clean useless fn * cargo fmt * Add delete PKI functionnality * Handle errors when cannot parse signature * Install sudoers config for keysas-admin * Update install/uninstall scripts with sudoers config * Restart keysas instead of keysas-out (socket broken) * Remove useless import * remove old diode paths * Fix some clippy warnings * Update log message * Add base64 + bump some crates * Get the signature size and decode both signatures * Add some debug logs * Bump simple logger crate * Clean up useless fn * Fix: remove unwanted b64 decode * Handle bad password error in UX * Update installation process for Tauri * UX: add some verbosity for admin * Update readme * Remove std feature for Windows * Rename component to keysas * Update dependencies * Rename component to keysas in App * Start rewriting wizard-fr * Temporary removing rejected files * Update Help/Quick start procedure * Update id tag * Add const for paths and update ip parsing * Fix ipaddr for eth|enp style * Remove useless comment * Fix install/uninstall binaries * Fix install/uninstall binaries: restart clamd * Switch to Bookworm install * Fix install of sudo rules * Update rust.yml - Freeze toolchain for loopdev * Temporary patching devloop til the next release * Switch back to nightly toolchain * Update README with nightly toolchain installation * Bump ubuntu pkg to libyara9 * Removing workflow for now: Ubuntu kinetic not supported * Removing workflow for now: Ubuntu kinetic not supported * Error handling for new Dilithium5 signature * Bugfix in install * Update mode to dev * Update error msg for websocket * Better error handling * Add seccomp sandbox for keysas-in * Add seccomp sandbox for keysas-in into main * Add seccomp sandbox for keysas-transit * Cargo format * Add seccomp to keysas-out + fix anyhow::Result * Trying to avoid links * Catch active keyword for regex daemon status * First patch for aarch64 syscallz * Set unlink only for x86_64 * dup3 is called on aarch64 instead of dup2 * Add missing syscall for keysas-out * Add seccomp architectures supported * Allow forgetting reference * Move landlock functions into sandbox.rs * Fix clippy warnings * Fix more clippy warnings * Remove useless options * Ignore compiled documentation directory * WIP: update user documentation * WIP: update user documentation * WIP: update user documentation * WIP: update user documentation * WIP: update user documentation * WIP: update user documentation * WIP: update user documentation * WIP: update user documentation * WIP: update user documentation * Improve README clarity * Update documentation: fix typo * Hide load PKI as it is not implemented yet * Rm useless picture * Rm useless pictures * Updated Keysas logo * Updated logo in doc --------- Co-authored-by: lb-anssi <[email protected]> Co-authored-by: lb-anssi <[email protected]> * Force resolver (#33) * Improved cert generation from csr * Documentation addition * Propagated API change to admin * X509: PKI code refactoring (clippy, doc) PKI refactoring Clippy improvements * Addition of hybrid keypair loading * Passed cargo fmt * X509: Fix Github CI workflow Update rust.yml (#18) Fixed github workflow Github CI: added libsoup Github CI: changed libsoup version Github worflow: fixed typo in dependencies Github workflow: added javascript dependency Github workflow: added webkit dependency * X509: fix keysas-out use of PKI * Enrolment: Generate private keys on the station * Rework of private key generation in keysas-sign to use the utility functions in the PKI crate. * Added oqs initialisation to all function in PKI crate * Cleanup cargo manifest in keysas-sign * Enrolment: Added certificate saving to keysas-sign * Fixe of save function in keysas-sign * WIP - Addition of certificate validation in PKI * Keysas-admin: added station enrolment * Implementation of station enrolment in admin * Fix generate signing keys in station * Fix Rdn generation * General code cleanup * Addition of tauri dist directory * File signing: keysas-sign code cleanup and doc * File signing: added tests and doc * Cleaning up the code * Add SDPX headers + remove feature * Format * Validate hybrid signature from certs * oqs: use only dilithium feature * Remove minisign crate * Feature became stable * Add usb signing functions * Remove tauri plugin store * Add libs for signing device * Start modifying keysas-admin to locally sign usb devices * Fix overflowing serial number * Bump version to 0.2.0 * Bump version to 0.2.0 * Serial are now arrays of 20 bytes * Update deps + improve pki creation * Add USB device hybrid signing functionnality * Add delete keysas station function * Display the PKI information: - Add Serialize to CertificateField; - UX improvement. * Update home + improve UX * Add Revoke USB device * Add check for PKI password length * Rename few componants * Bump version * Check that country is < 2 chars long * Bump version * Improve UX * Improve HELP for adding a station * Rename componant AddForm into AddStation * Fox is_alive to be async * Update comments * Remove std features for oqs * Remove pretty format for digest computation * Windows: Initial commit for the driver * Added simple communication between driver and app * Windows: restructured project * Separation of the user space app in a daemon with admin level and GUI * Separation of the driver in smaller modules * Started the addition of context support in the driver * Improved the communication between the driver and the daemon * Improved context management * Implemented file validation by the user * Improved list of create call filtered * Started file validation * Run analysis on driver and initialized tray app * Continued file verification * Validated file reports * Added first window to tray app * Cleaned driver and service code * Update windows GUI * Fixed dalek version * Update keysas-lib dependencies versions * Renamed USB firewall folder * Fix function signatures + tests * BEGIN: Fixing frontend for reading reports * Fix bind_and_sign() tests and set the signature optional if keys are not found * Fix const paths bugs * handle ws upgrade * handle ws upgrade * Fix paths for PKI creation * Update some logs + stay async as much as possible * Fix GNU/Linux paths for key generation * Fix stations online status * UX: color update on homepage + remove useless method * Set some functions in async mode * Print some feedback to final user while creating a new PKI * Clear the password as soon as used * Downgrade time crate to match tauri pinning :( * Update deprecated method add to insert * Add tests file * Import mod tests * Add new empty arg to match signature * Add dev-dependencies + update yara * Downgrade logger crate to match tauri pinning :( * Change const paths for windows * Bump tungstenite crate * Tests fix (#25) * Fix bind_and_sign() tests and set the signature optional if keys are not found * Fix const paths bugs * handle ws upgrade * handle ws upgrade * Fix paths for PKI creation * Update some logs + stay async as much as possible * Fix GNU/Linux paths for key generation * Fix stations online status * UX: color update on homepage + remove useless method * Set some functions in async mode * Print some feedback to final user while creating a new PKI * Clear the password as soon as used * Downgrade time crate to match tauri pinning :( * Update deprecated method add to insert * Add tests file * Import mod tests * Add new empty arg to match signature * Add dev-dependencies + update yara * Downgrade logger crate to match tauri pinning :( * Change const paths for windows * Bump tungstenite crate * Bump criterion * Update windows pzaths and clean useless fn * cargo fmt * Add delete PKI functionnality * Handle errors when cannot parse signature * Install sudoers config for keysas-admin * Update install/uninstall scripts with sudoers config * Restart keysas instead of keysas-out (socket broken) * Remove useless import * remove old diode paths * Fix some clippy warnings * Update log message * Add base64 + bump some crates * Get the signature size and decode both signatures * Add some debug logs * Bump simple logger crate * Clean up useless fn * Fix: remove unwanted b64 decode * Handle bad password error in UX * Update installation process for Tauri * UX: add some verbosity for admin * Update readme * Remove std feature for Windows * Rename component to keysas * Update dependencies * Rename component to keysas in App * Start rewriting wizard-fr * Temporary removing rejected files * Update Help/Quick start procedure * Update id tag * Add const for paths and update ip parsing * Fix ipaddr for eth|enp style * Remove useless comment * Fix install/uninstall binaries * Fix install/uninstall binaries: restart clamd * Switch to Bookworm install * Fix install of sudo rules * Update rust.yml - Freeze toolchain for loopdev * Temporary patching devloop til the next release * Switch back to nightly toolchain * Update README with nightly toolchain installation * Bump ubuntu pkg to libyara9 * Removing workflow for now: Ubuntu kinetic not supported * Removing workflow for now: Ubuntu kinetic not supported * Error handling for new Dilithium5 signature * Bugfix in install * Update mode to dev * Update error msg for websocket * Better error handling * Add seccomp sandbox for keysas-in * Add seccomp sandbox for keysas-in into main * Add seccomp sandbox for keysas-transit * Cargo format * Add seccomp to keysas-out + fix anyhow::Result * Trying to avoid links * Catch active keyword for regex daemon status * First patch for aarch64 syscallz * Set unlink only for x86_64 * dup3 is called on aarch64 instead of dup2 * Add missing syscall for keysas-out * Add seccomp architectures supported * Allow forgetting reference * Move landlock functions into sandbox.rs * Fix clippy warnings * Fix more clippy warnings * Remove useless options * Ignore compiled documentation directory * WIP: update user documentation * WIP: update user documentation * WIP: update user documentation * WIP: update user documentation * WIP: update user documentation * WIP: update user documentation * WIP: update user documentation * WIP: update user documentation * WIP: update user documentation * Improve README clarity * Update documentation: fix typo * Hide load PKI as it is not implemented yet * Rm useless picture * Rm useless pictures * Updated Keysas logo * Updated logo in doc * Add resolver version 2 --------- Co-authored-by: lb-anssi <[email protected]> Co-authored-by: lb-anssi <[email protected]> * Added README to firewall folder * Added file context ID tracking - Added an ID per file based on the hash of the file path - Added exchange of ID between driver, daemon and tray app - Refactored code in daemon to separate control logic from interfaces * Added authorization change from tray app - Redefined API between minifilter, daemon and app * Added write operation filtering * Added file authorization toggle in app * Added CA certificate use in daemon * USBFilter added PNP processing and device ID query * Added documentation and corrected typos --------- Co-authored-by: r3dlight <[email protected]>
r3dlight
added a commit
that referenced
this pull request
Jul 31, 2023
* Improved cert generation from csr * Documentation addition * Propagated API change to admin * X509: PKI code refactoring (clippy, doc) PKI refactoring Clippy improvements * Addition of hybrid keypair loading * Passed cargo fmt * X509: Fix Github CI workflow Update rust.yml (#18) Fixed github workflow Github CI: added libsoup Github CI: changed libsoup version Github worflow: fixed typo in dependencies Github workflow: added javascript dependency Github workflow: added webkit dependency * X509: fix keysas-out use of PKI * Enrolment: Generate private keys on the station * Rework of private key generation in keysas-sign to use the utility functions in the PKI crate. * Added oqs initialisation to all function in PKI crate * Cleanup cargo manifest in keysas-sign * Enrolment: Added certificate saving to keysas-sign * Fixe of save function in keysas-sign * WIP - Addition of certificate validation in PKI * Keysas-admin: added station enrolment * Implementation of station enrolment in admin * Fix generate signing keys in station * Fix Rdn generation * General code cleanup * Addition of tauri dist directory * File signing: keysas-sign code cleanup and doc * File signing: added tests and doc * Cleaning up the code * Add SDPX headers + remove feature * Format * Validate hybrid signature from certs * oqs: use only dilithium feature * Remove minisign crate * Feature became stable * Add usb signing functions * Remove tauri plugin store * Add libs for signing device * Start modifying keysas-admin to locally sign usb devices * Fix overflowing serial number * Bump version to 0.2.0 * Bump version to 0.2.0 * Serial are now arrays of 20 bytes * Update deps + improve pki creation * Add USB device hybrid signing functionnality * Add delete keysas station function * Display the PKI information: - Add Serialize to CertificateField; - UX improvement. * Update home + improve UX * Add Revoke USB device * Add check for PKI password length * Rename few componants * Bump version * Check that country is < 2 chars long * Bump version * Improve UX * Improve HELP for adding a station * Rename componant AddForm into AddStation * Fox is_alive to be async * Update comments * Remove std features for oqs * Remove pretty format for digest computation * Windows: Initial commit for the driver * Added simple communication between driver and app * Windows: restructured project * Separation of the user space app in a daemon with admin level and GUI * Separation of the driver in smaller modules * Started the addition of context support in the driver * Improved the communication between the driver and the daemon * Improved context management * Implemented file validation by the user * Improved list of create call filtered * Started file validation * Run analysis on driver and initialized tray app * Continued file verification * Validated file reports * Added first window to tray app * Cleaned driver and service code * Update windows GUI * Fixed dalek version * Update keysas-lib dependencies versions * Renamed USB firewall folder * Fix function signatures + tests * BEGIN: Fixing frontend for reading reports * Fix bind_and_sign() tests and set the signature optional if keys are not found * Fix const paths bugs * handle ws upgrade * handle ws upgrade * Fix paths for PKI creation * Update some logs + stay async as much as possible * Fix GNU/Linux paths for key generation * Fix stations online status * UX: color update on homepage + remove useless method * Set some functions in async mode * Print some feedback to final user while creating a new PKI * Clear the password as soon as used * Downgrade time crate to match tauri pinning :( * Update deprecated method add to insert * Add tests file * Import mod tests * Add new empty arg to match signature * Add dev-dependencies + update yara * Downgrade logger crate to match tauri pinning :( * Change const paths for windows * Bump tungstenite crate * Tests fix (#25) * Fix bind_and_sign() tests and set the signature optional if keys are not found * Fix const paths bugs * handle ws upgrade * handle ws upgrade * Fix paths for PKI creation * Update some logs + stay async as much as possible * Fix GNU/Linux paths for key generation * Fix stations online status * UX: color update on homepage + remove useless method * Set some functions in async mode * Print some feedback to final user while creating a new PKI * Clear the password as soon as used * Downgrade time crate to match tauri pinning :( * Update deprecated method add to insert * Add tests file * Import mod tests * Add new empty arg to match signature * Add dev-dependencies + update yara * Downgrade logger crate to match tauri pinning :( * Change const paths for windows * Bump tungstenite crate * Bump criterion * Update windows pzaths and clean useless fn * cargo fmt * Add delete PKI functionnality * Handle errors when cannot parse signature * Install sudoers config for keysas-admin * Update install/uninstall scripts with sudoers config * Restart keysas instead of keysas-out (socket broken) * Remove useless import * remove old diode paths * Fix some clippy warnings * Update log message * Add base64 + bump some crates * Get the signature size and decode both signatures * Add some debug logs * Bump simple logger crate * Clean up useless fn * Fix: remove unwanted b64 decode * Handle bad password error in UX * Update installation process for Tauri * UX: add some verbosity for admin * Update readme * Remove std feature for Windows * Rename component to keysas * Update dependencies * Rename component to keysas in App * Start rewriting wizard-fr * Temporary removing rejected files * Update Help/Quick start procedure * Update id tag * Add const for paths and update ip parsing * Fix ipaddr for eth|enp style * Remove useless comment * Fix install/uninstall binaries * Fix install/uninstall binaries: restart clamd * Switch to Bookworm install * Fix install of sudo rules * Update rust.yml - Freeze toolchain for loopdev * Temporary patching devloop til the next release * Switch back to nightly toolchain * Update README with nightly toolchain installation * Bump ubuntu pkg to libyara9 * Removing workflow for now: Ubuntu kinetic not supported * Removing workflow for now: Ubuntu kinetic not supported * Error handling for new Dilithium5 signature * Bugfix in install * Update mode to dev * Update error msg for websocket * Better error handling * Add seccomp sandbox for keysas-in * Add seccomp sandbox for keysas-in into main * Add seccomp sandbox for keysas-transit * Cargo format * Add seccomp to keysas-out + fix anyhow::Result * Trying to avoid links * Catch active keyword for regex daemon status * First patch for aarch64 syscallz * Set unlink only for x86_64 * dup3 is called on aarch64 instead of dup2 * Add missing syscall for keysas-out * Add seccomp architectures supported * Allow forgetting reference * Move landlock functions into sandbox.rs * Fix clippy warnings * Fix more clippy warnings * Remove useless options * Ignore compiled documentation directory * WIP: update user documentation * WIP: update user documentation * WIP: update user documentation * WIP: update user documentation * WIP: update user documentation * WIP: update user documentation * WIP: update user documentation * WIP: update user documentation * WIP: update user documentation * Improve README clarity * Update documentation: fix typo * Hide load PKI as it is not implemented yet * Rm useless picture * Rm useless pictures * Updated Keysas logo * Updated logo in doc * Add resolver version 2 * Remove old bindmount for unexistant home directory * Dev windows firewall (#36) * Rebase windows branch on Develop * Addition of library for IPC * Addition of driver for USB device filtering * Fixed mailslot from HMI to daemon * Release v2.0 (#32) * Improved cert generation from csr * Documentation addition * Propagated API change to admin * X509: PKI code refactoring (clippy, doc) PKI refactoring Clippy improvements * Addition of hybrid keypair loading * Passed cargo fmt * X509: Fix Github CI workflow Update rust.yml (#18) Fixed github workflow Github CI: added libsoup Github CI: changed libsoup version Github worflow: fixed typo in dependencies Github workflow: added javascript dependency Github workflow: added webkit dependency * X509: fix keysas-out use of PKI * Enrolment: Generate private keys on the station * Rework of private key generation in keysas-sign to use the utility functions in the PKI crate. * Added oqs initialisation to all function in PKI crate * Cleanup cargo manifest in keysas-sign * Enrolment: Added certificate saving to keysas-sign * Fixe of save function in keysas-sign * WIP - Addition of certificate validation in PKI * Keysas-admin: added station enrolment * Implementation of station enrolment in admin * Fix generate signing keys in station * Fix Rdn generation * General code cleanup * Addition of tauri dist directory * File signing: keysas-sign code cleanup and doc * File signing: added tests and doc * Cleaning up the code * Add SDPX headers + remove feature * Format * Validate hybrid signature from certs * oqs: use only dilithium feature * Remove minisign crate * Feature became stable * Add usb signing functions * Remove tauri plugin store * Add libs for signing device * Start modifying keysas-admin to locally sign usb devices * Fix overflowing serial number * Bump version to 0.2.0 * Bump version to 0.2.0 * Serial are now arrays of 20 bytes * Update deps + improve pki creation * Add USB device hybrid signing functionnality * Add delete keysas station function * Display the PKI information: - Add Serialize to CertificateField; - UX improvement. * Update home + improve UX * Add Revoke USB device * Add check for PKI password length * Rename few componants * Bump version * Check that country is < 2 chars long * Bump version * Improve UX * Improve HELP for adding a station * Rename componant AddForm into AddStation * Fox is_alive to be async * Update comments * Remove std features for oqs * Remove pretty format for digest computation * Windows: Initial commit for the driver * Added simple communication between driver and app * Windows: restructured project * Separation of the user space app in a daemon with admin level and GUI * Separation of the driver in smaller modules * Started the addition of context support in the driver * Improved the communication between the driver and the daemon * Improved context management * Implemented file validation by the user * Improved list of create call filtered * Started file validation * Run analysis on driver and initialized tray app * Continued file verification * Validated file reports * Added first window to tray app * Cleaned driver and service code * Update windows GUI * Fixed dalek version * Update keysas-lib dependencies versions * Renamed USB firewall folder * Fix function signatures + tests * BEGIN: Fixing frontend for reading reports * Fix bind_and_sign() tests and set the signature optional if keys are not found * Fix const paths bugs * handle ws upgrade * handle ws upgrade * Fix paths for PKI creation * Update some logs + stay async as much as possible * Fix GNU/Linux paths for key generation * Fix stations online status * UX: color update on homepage + remove useless method * Set some functions in async mode * Print some feedback to final user while creating a new PKI * Clear the password as soon as used * Downgrade time crate to match tauri pinning :( * Update deprecated method add to insert * Add tests file * Import mod tests * Add new empty arg to match signature * Add dev-dependencies + update yara * Downgrade logger crate to match tauri pinning :( * Change const paths for windows * Bump tungstenite crate * Tests fix (#25) * Fix bind_and_sign() tests and set the signature optional if keys are not found * Fix const paths bugs * handle ws upgrade * handle ws upgrade * Fix paths for PKI creation * Update some logs + stay async as much as possible * Fix GNU/Linux paths for key generation * Fix stations online status * UX: color update on homepage + remove useless method * Set some functions in async mode * Print some feedback to final user while creating a new PKI * Clear the password as soon as used * Downgrade time crate to match tauri pinning :( * Update deprecated method add to insert * Add tests file * Import mod tests * Add new empty arg to match signature * Add dev-dependencies + update yara * Downgrade logger crate to match tauri pinning :( * Change const paths for windows * Bump tungstenite crate * Bump criterion * Update windows pzaths and clean useless fn * cargo fmt * Add delete PKI functionnality * Handle errors when cannot parse signature * Install sudoers config for keysas-admin * Update install/uninstall scripts with sudoers config * Restart keysas instead of keysas-out (socket broken) * Remove useless import * remove old diode paths * Fix some clippy warnings * Update log message * Add base64 + bump some crates * Get the signature size and decode both signatures * Add some debug logs * Bump simple logger crate * Clean up useless fn * Fix: remove unwanted b64 decode * Handle bad password error in UX * Update installation process for Tauri * UX: add some verbosity for admin * Update readme * Remove std feature for Windows * Rename component to keysas * Update dependencies * Rename component to keysas in App * Start rewriting wizard-fr * Temporary removing rejected files * Update Help/Quick start procedure * Update id tag * Add const for paths and update ip parsing * Fix ipaddr for eth|enp style * Remove useless comment * Fix install/uninstall binaries * Fix install/uninstall binaries: restart clamd * Switch to Bookworm install * Fix install of sudo rules * Update rust.yml - Freeze toolchain for loopdev * Temporary patching devloop til the next release * Switch back to nightly toolchain * Update README with nightly toolchain installation * Bump ubuntu pkg to libyara9 * Removing workflow for now: Ubuntu kinetic not supported * Removing workflow for now: Ubuntu kinetic not supported * Error handling for new Dilithium5 signature * Bugfix in install * Update mode to dev * Update error msg for websocket * Better error handling * Add seccomp sandbox for keysas-in * Add seccomp sandbox for keysas-in into main * Add seccomp sandbox for keysas-transit * Cargo format * Add seccomp to keysas-out + fix anyhow::Result * Trying to avoid links * Catch active keyword for regex daemon status * First patch for aarch64 syscallz * Set unlink only for x86_64 * dup3 is called on aarch64 instead of dup2 * Add missing syscall for keysas-out * Add seccomp architectures supported * Allow forgetting reference * Move landlock functions into sandbox.rs * Fix clippy warnings * Fix more clippy warnings * Remove useless options * Ignore compiled documentation directory * WIP: update user documentation * WIP: update user documentation * WIP: update user documentation * WIP: update user documentation * WIP: update user documentation * WIP: update user documentation * WIP: update user documentation * WIP: update user documentation * WIP: update user documentation * Improve README clarity * Update documentation: fix typo * Hide load PKI as it is not implemented yet * Rm useless picture * Rm useless pictures * Updated Keysas logo * Updated logo in doc --------- Co-authored-by: lb-anssi <[email protected]> Co-authored-by: lb-anssi <[email protected]> * Force resolver (#33) * Improved cert generation from csr * Documentation addition * Propagated API change to admin * X509: PKI code refactoring (clippy, doc) PKI refactoring Clippy improvements * Addition of hybrid keypair loading * Passed cargo fmt * X509: Fix Github CI workflow Update rust.yml (#18) Fixed github workflow Github CI: added libsoup Github CI: changed libsoup version Github worflow: fixed typo in dependencies Github workflow: added javascript dependency Github workflow: added webkit dependency * X509: fix keysas-out use of PKI * Enrolment: Generate private keys on the station * Rework of private key generation in keysas-sign to use the utility functions in the PKI crate. * Added oqs initialisation to all function in PKI crate * Cleanup cargo manifest in keysas-sign * Enrolment: Added certificate saving to keysas-sign * Fixe of save function in keysas-sign * WIP - Addition of certificate validation in PKI * Keysas-admin: added station enrolment * Implementation of station enrolment in admin * Fix generate signing keys in station * Fix Rdn generation * General code cleanup * Addition of tauri dist directory * File signing: keysas-sign code cleanup and doc * File signing: added tests and doc * Cleaning up the code * Add SDPX headers + remove feature * Format * Validate hybrid signature from certs * oqs: use only dilithium feature * Remove minisign crate * Feature became stable * Add usb signing functions * Remove tauri plugin store * Add libs for signing device * Start modifying keysas-admin to locally sign usb devices * Fix overflowing serial number * Bump version to 0.2.0 * Bump version to 0.2.0 * Serial are now arrays of 20 bytes * Update deps + improve pki creation * Add USB device hybrid signing functionnality * Add delete keysas station function * Display the PKI information: - Add Serialize to CertificateField; - UX improvement. * Update home + improve UX * Add Revoke USB device * Add check for PKI password length * Rename few componants * Bump version * Check that country is < 2 chars long * Bump version * Improve UX * Improve HELP for adding a station * Rename componant AddForm into AddStation * Fox is_alive to be async * Update comments * Remove std features for oqs * Remove pretty format for digest computation * Windows: Initial commit for the driver * Added simple communication between driver and app * Windows: restructured project * Separation of the user space app in a daemon with admin level and GUI * Separation of the driver in smaller modules * Started the addition of context support in the driver * Improved the communication between the driver and the daemon * Improved context management * Implemented file validation by the user * Improved list of create call filtered * Started file validation * Run analysis on driver and initialized tray app * Continued file verification * Validated file reports * Added first window to tray app * Cleaned driver and service code * Update windows GUI * Fixed dalek version * Update keysas-lib dependencies versions * Renamed USB firewall folder * Fix function signatures + tests * BEGIN: Fixing frontend for reading reports * Fix bind_and_sign() tests and set the signature optional if keys are not found * Fix const paths bugs * handle ws upgrade * handle ws upgrade * Fix paths for PKI creation * Update some logs + stay async as much as possible * Fix GNU/Linux paths for key generation * Fix stations online status * UX: color update on homepage + remove useless method * Set some functions in async mode * Print some feedback to final user while creating a new PKI * Clear the password as soon as used * Downgrade time crate to match tauri pinning :( * Update deprecated method add to insert * Add tests file * Import mod tests * Add new empty arg to match signature * Add dev-dependencies + update yara * Downgrade logger crate to match tauri pinning :( * Change const paths for windows * Bump tungstenite crate * Tests fix (#25) * Fix bind_and_sign() tests and set the signature optional if keys are not found * Fix const paths bugs * handle ws upgrade * handle ws upgrade * Fix paths for PKI creation * Update some logs + stay async as much as possible * Fix GNU/Linux paths for key generation * Fix stations online status * UX: color update on homepage + remove useless method * Set some functions in async mode * Print some feedback to final user while creating a new PKI * Clear the password as soon as used * Downgrade time crate to match tauri pinning :( * Update deprecated method add to insert * Add tests file * Import mod tests * Add new empty arg to match signature * Add dev-dependencies + update yara * Downgrade logger crate to match tauri pinning :( * Change const paths for windows * Bump tungstenite crate * Bump criterion * Update windows pzaths and clean useless fn * cargo fmt * Add delete PKI functionnality * Handle errors when cannot parse signature * Install sudoers config for keysas-admin * Update install/uninstall scripts with sudoers config * Restart keysas instead of keysas-out (socket broken) * Remove useless import * remove old diode paths * Fix some clippy warnings * Update log message * Add base64 + bump some crates * Get the signature size and decode both signatures * Add some debug logs * Bump simple logger crate * Clean up useless fn * Fix: remove unwanted b64 decode * Handle bad password error in UX * Update installation process for Tauri * UX: add some verbosity for admin * Update readme * Remove std feature for Windows * Rename component to keysas * Update dependencies * Rename component to keysas in App * Start rewriting wizard-fr * Temporary removing rejected files * Update Help/Quick start procedure * Update id tag * Add const for paths and update ip parsing * Fix ipaddr for eth|enp style * Remove useless comment * Fix install/uninstall binaries * Fix install/uninstall binaries: restart clamd * Switch to Bookworm install * Fix install of sudo rules * Update rust.yml - Freeze toolchain for loopdev * Temporary patching devloop til the next release * Switch back to nightly toolchain * Update README with nightly toolchain installation * Bump ubuntu pkg to libyara9 * Removing workflow for now: Ubuntu kinetic not supported * Removing workflow for now: Ubuntu kinetic not supported * Error handling for new Dilithium5 signature * Bugfix in install * Update mode to dev * Update error msg for websocket * Better error handling * Add seccomp sandbox for keysas-in * Add seccomp sandbox for keysas-in into main * Add seccomp sandbox for keysas-transit * Cargo format * Add seccomp to keysas-out + fix anyhow::Result * Trying to avoid links * Catch active keyword for regex daemon status * First patch for aarch64 syscallz * Set unlink only for x86_64 * dup3 is called on aarch64 instead of dup2 * Add missing syscall for keysas-out * Add seccomp architectures supported * Allow forgetting reference * Move landlock functions into sandbox.rs * Fix clippy warnings * Fix more clippy warnings * Remove useless options * Ignore compiled documentation directory * WIP: update user documentation * WIP: update user documentation * WIP: update user documentation * WIP: update user documentation * WIP: update user documentation * WIP: update user documentation * WIP: update user documentation * WIP: update user documentation * WIP: update user documentation * Improve README clarity * Update documentation: fix typo * Hide load PKI as it is not implemented yet * Rm useless picture * Rm useless pictures * Updated Keysas logo * Updated logo in doc * Add resolver version 2 --------- Co-authored-by: lb-anssi <[email protected]> Co-authored-by: lb-anssi <[email protected]> * Added README to firewall folder * Added file context ID tracking - Added an ID per file based on the hash of the file path - Added exchange of ID between driver, daemon and tray app - Refactored code in daemon to separate control logic from interfaces * Added authorization change from tray app - Redefined API between minifilter, daemon and app * Added write operation filtering * Added file authorization toggle in app * Added CA certificate use in daemon * USBFilter added PNP processing and device ID query * Added documentation and corrected typos --------- Co-authored-by: r3dlight <[email protected]> * Update url * Fix some typo + styling * Bump version to 2.1 * Specifying the support for Debian 12 only --------- Co-authored-by: lb-anssi <[email protected]> Co-authored-by: lb-anssi <[email protected]>
r3dlight
added a commit
that referenced
this pull request
Aug 4, 2023
* Improved cert generation from csr * Documentation addition * Propagated API change to admin * X509: PKI code refactoring (clippy, doc) PKI refactoring Clippy improvements * Addition of hybrid keypair loading * Passed cargo fmt * X509: Fix Github CI workflow Update rust.yml (#18) Fixed github workflow Github CI: added libsoup Github CI: changed libsoup version Github worflow: fixed typo in dependencies Github workflow: added javascript dependency Github workflow: added webkit dependency * X509: fix keysas-out use of PKI * Enrolment: Generate private keys on the station * Rework of private key generation in keysas-sign to use the utility functions in the PKI crate. * Added oqs initialisation to all function in PKI crate * Cleanup cargo manifest in keysas-sign * Enrolment: Added certificate saving to keysas-sign * Fixe of save function in keysas-sign * WIP - Addition of certificate validation in PKI * Keysas-admin: added station enrolment * Implementation of station enrolment in admin * Fix generate signing keys in station * Fix Rdn generation * General code cleanup * Addition of tauri dist directory * File signing: keysas-sign code cleanup and doc * File signing: added tests and doc * Cleaning up the code * Add SDPX headers + remove feature * Format * Validate hybrid signature from certs * oqs: use only dilithium feature * Remove minisign crate * Feature became stable * Add usb signing functions * Remove tauri plugin store * Add libs for signing device * Start modifying keysas-admin to locally sign usb devices * Fix overflowing serial number * Bump version to 0.2.0 * Bump version to 0.2.0 * Serial are now arrays of 20 bytes * Update deps + improve pki creation * Add USB device hybrid signing functionnality * Add delete keysas station function * Display the PKI information: - Add Serialize to CertificateField; - UX improvement. * Update home + improve UX * Add Revoke USB device * Add check for PKI password length * Rename few componants * Bump version * Check that country is < 2 chars long * Bump version * Improve UX * Improve HELP for adding a station * Rename componant AddForm into AddStation * Fox is_alive to be async * Update comments * Remove std features for oqs * Remove pretty format for digest computation * Windows: Initial commit for the driver * Added simple communication between driver and app * Windows: restructured project * Separation of the user space app in a daemon with admin level and GUI * Separation of the driver in smaller modules * Started the addition of context support in the driver * Improved the communication between the driver and the daemon * Improved context management * Implemented file validation by the user * Improved list of create call filtered * Started file validation * Run analysis on driver and initialized tray app * Continued file verification * Validated file reports * Added first window to tray app * Cleaned driver and service code * Update windows GUI * Fixed dalek version * Update keysas-lib dependencies versions * Renamed USB firewall folder * Fix function signatures + tests * BEGIN: Fixing frontend for reading reports * Fix bind_and_sign() tests and set the signature optional if keys are not found * Fix const paths bugs * handle ws upgrade * handle ws upgrade * Fix paths for PKI creation * Update some logs + stay async as much as possible * Fix GNU/Linux paths for key generation * Fix stations online status * UX: color update on homepage + remove useless method * Set some functions in async mode * Print some feedback to final user while creating a new PKI * Clear the password as soon as used * Downgrade time crate to match tauri pinning :( * Update deprecated method add to insert * Add tests file * Import mod tests * Add new empty arg to match signature * Add dev-dependencies + update yara * Downgrade logger crate to match tauri pinning :( * Change const paths for windows * Bump tungstenite crate * Tests fix (#25) * Fix bind_and_sign() tests and set the signature optional if keys are not found * Fix const paths bugs * handle ws upgrade * handle ws upgrade * Fix paths for PKI creation * Update some logs + stay async as much as possible * Fix GNU/Linux paths for key generation * Fix stations online status * UX: color update on homepage + remove useless method * Set some functions in async mode * Print some feedback to final user while creating a new PKI * Clear the password as soon as used * Downgrade time crate to match tauri pinning :( * Update deprecated method add to insert * Add tests file * Import mod tests * Add new empty arg to match signature * Add dev-dependencies + update yara * Downgrade logger crate to match tauri pinning :( * Change const paths for windows * Bump tungstenite crate * Bump criterion * Update windows pzaths and clean useless fn * cargo fmt * Add delete PKI functionnality * Handle errors when cannot parse signature * Install sudoers config for keysas-admin * Update install/uninstall scripts with sudoers config * Restart keysas instead of keysas-out (socket broken) * Remove useless import * remove old diode paths * Fix some clippy warnings * Update log message * Add base64 + bump some crates * Get the signature size and decode both signatures * Add some debug logs * Bump simple logger crate * Clean up useless fn * Fix: remove unwanted b64 decode * Handle bad password error in UX * Update installation process for Tauri * UX: add some verbosity for admin * Update readme * Remove std feature for Windows * Rename component to keysas * Update dependencies * Rename component to keysas in App * Start rewriting wizard-fr * Temporary removing rejected files * Update Help/Quick start procedure * Update id tag * Add const for paths and update ip parsing * Fix ipaddr for eth|enp style * Remove useless comment * Fix install/uninstall binaries * Fix install/uninstall binaries: restart clamd * Switch to Bookworm install * Fix install of sudo rules * Update rust.yml - Freeze toolchain for loopdev * Temporary patching devloop til the next release * Switch back to nightly toolchain * Update README with nightly toolchain installation * Bump ubuntu pkg to libyara9 * Removing workflow for now: Ubuntu kinetic not supported * Removing workflow for now: Ubuntu kinetic not supported * Error handling for new Dilithium5 signature * Bugfix in install * Update mode to dev * Update error msg for websocket * Better error handling * Add seccomp sandbox for keysas-in * Add seccomp sandbox for keysas-in into main * Add seccomp sandbox for keysas-transit * Cargo format * Add seccomp to keysas-out + fix anyhow::Result * Trying to avoid links * Catch active keyword for regex daemon status * First patch for aarch64 syscallz * Set unlink only for x86_64 * dup3 is called on aarch64 instead of dup2 * Add missing syscall for keysas-out * Add seccomp architectures supported * Allow forgetting reference * Move landlock functions into sandbox.rs * Fix clippy warnings * Fix more clippy warnings * Remove useless options * Ignore compiled documentation directory * WIP: update user documentation * WIP: update user documentation * WIP: update user documentation * WIP: update user documentation * WIP: update user documentation * WIP: update user documentation * WIP: update user documentation * WIP: update user documentation * WIP: update user documentation * Improve README clarity * Update documentation: fix typo * Hide load PKI as it is not implemented yet * Rm useless picture * Rm useless pictures * Updated Keysas logo * Updated logo in doc * Add resolver version 2 * Remove old bindmount for unexistant home directory * Dev windows firewall (#36) * Rebase windows branch on Develop * Addition of library for IPC * Addition of driver for USB device filtering * Fixed mailslot from HMI to daemon * Release v2.0 (#32) * Improved cert generation from csr * Documentation addition * Propagated API change to admin * X509: PKI code refactoring (clippy, doc) PKI refactoring Clippy improvements * Addition of hybrid keypair loading * Passed cargo fmt * X509: Fix Github CI workflow Update rust.yml (#18) Fixed github workflow Github CI: added libsoup Github CI: changed libsoup version Github worflow: fixed typo in dependencies Github workflow: added javascript dependency Github workflow: added webkit dependency * X509: fix keysas-out use of PKI * Enrolment: Generate private keys on the station * Rework of private key generation in keysas-sign to use the utility functions in the PKI crate. * Added oqs initialisation to all function in PKI crate * Cleanup cargo manifest in keysas-sign * Enrolment: Added certificate saving to keysas-sign * Fixe of save function in keysas-sign * WIP - Addition of certificate validation in PKI * Keysas-admin: added station enrolment * Implementation of station enrolment in admin * Fix generate signing keys in station * Fix Rdn generation * General code cleanup * Addition of tauri dist directory * File signing: keysas-sign code cleanup and doc * File signing: added tests and doc * Cleaning up the code * Add SDPX headers + remove feature * Format * Validate hybrid signature from certs * oqs: use only dilithium feature * Remove minisign crate * Feature became stable * Add usb signing functions * Remove tauri plugin store * Add libs for signing device * Start modifying keysas-admin to locally sign usb devices * Fix overflowing serial number * Bump version to 0.2.0 * Bump version to 0.2.0 * Serial are now arrays of 20 bytes * Update deps + improve pki creation * Add USB device hybrid signing functionnality * Add delete keysas station function * Display the PKI information: - Add Serialize to CertificateField; - UX improvement. * Update home + improve UX * Add Revoke USB device * Add check for PKI password length * Rename few componants * Bump version * Check that country is < 2 chars long * Bump version * Improve UX * Improve HELP for adding a station * Rename componant AddForm into AddStation * Fox is_alive to be async * Update comments * Remove std features for oqs * Remove pretty format for digest computation * Windows: Initial commit for the driver * Added simple communication between driver and app * Windows: restructured project * Separation of the user space app in a daemon with admin level and GUI * Separation of the driver in smaller modules * Started the addition of context support in the driver * Improved the communication between the driver and the daemon * Improved context management * Implemented file validation by the user * Improved list of create call filtered * Started file validation * Run analysis on driver and initialized tray app * Continued file verification * Validated file reports * Added first window to tray app * Cleaned driver and service code * Update windows GUI * Fixed dalek version * Update keysas-lib dependencies versions * Renamed USB firewall folder * Fix function signatures + tests * BEGIN: Fixing frontend for reading reports * Fix bind_and_sign() tests and set the signature optional if keys are not found * Fix const paths bugs * handle ws upgrade * handle ws upgrade * Fix paths for PKI creation * Update some logs + stay async as much as possible * Fix GNU/Linux paths for key generation * Fix stations online status * UX: color update on homepage + remove useless method * Set some functions in async mode * Print some feedback to final user while creating a new PKI * Clear the password as soon as used * Downgrade time crate to match tauri pinning :( * Update deprecated method add to insert * Add tests file * Import mod tests * Add new empty arg to match signature * Add dev-dependencies + update yara * Downgrade logger crate to match tauri pinning :( * Change const paths for windows * Bump tungstenite crate * Tests fix (#25) * Fix bind_and_sign() tests and set the signature optional if keys are not found * Fix const paths bugs * handle ws upgrade * handle ws upgrade * Fix paths for PKI creation * Update some logs + stay async as much as possible * Fix GNU/Linux paths for key generation * Fix stations online status * UX: color update on homepage + remove useless method * Set some functions in async mode * Print some feedback to final user while creating a new PKI * Clear the password as soon as used * Downgrade time crate to match tauri pinning :( * Update deprecated method add to insert * Add tests file * Import mod tests * Add new empty arg to match signature * Add dev-dependencies + update yara * Downgrade logger crate to match tauri pinning :( * Change const paths for windows * Bump tungstenite crate * Bump criterion * Update windows pzaths and clean useless fn * cargo fmt * Add delete PKI functionnality * Handle errors when cannot parse signature * Install sudoers config for keysas-admin * Update install/uninstall scripts with sudoers config * Restart keysas instead of keysas-out (socket broken) * Remove useless import * remove old diode paths * Fix some clippy warnings * Update log message * Add base64 + bump some crates * Get the signature size and decode both signatures * Add some debug logs * Bump simple logger crate * Clean up useless fn * Fix: remove unwanted b64 decode * Handle bad password error in UX * Update installation process for Tauri * UX: add some verbosity for admin * Update readme * Remove std feature for Windows * Rename component to keysas * Update dependencies * Rename component to keysas in App * Start rewriting wizard-fr * Temporary removing rejected files * Update Help/Quick start procedure * Update id tag * Add const for paths and update ip parsing * Fix ipaddr for eth|enp style * Remove useless comment * Fix install/uninstall binaries * Fix install/uninstall binaries: restart clamd * Switch to Bookworm install * Fix install of sudo rules * Update rust.yml - Freeze toolchain for loopdev * Temporary patching devloop til the next release * Switch back to nightly toolchain * Update README with nightly toolchain installation * Bump ubuntu pkg to libyara9 * Removing workflow for now: Ubuntu kinetic not supported * Removing workflow for now: Ubuntu kinetic not supported * Error handling for new Dilithium5 signature * Bugfix in install * Update mode to dev * Update error msg for websocket * Better error handling * Add seccomp sandbox for keysas-in * Add seccomp sandbox for keysas-in into main * Add seccomp sandbox for keysas-transit * Cargo format * Add seccomp to keysas-out + fix anyhow::Result * Trying to avoid links * Catch active keyword for regex daemon status * First patch for aarch64 syscallz * Set unlink only for x86_64 * dup3 is called on aarch64 instead of dup2 * Add missing syscall for keysas-out * Add seccomp architectures supported * Allow forgetting reference * Move landlock functions into sandbox.rs * Fix clippy warnings * Fix more clippy warnings * Remove useless options * Ignore compiled documentation directory * WIP: update user documentation * WIP: update user documentation * WIP: update user documentation * WIP: update user documentation * WIP: update user documentation * WIP: update user documentation * WIP: update user documentation * WIP: update user documentation * WIP: update user documentation * Improve README clarity * Update documentation: fix typo * Hide load PKI as it is not implemented yet * Rm useless picture * Rm useless pictures * Updated Keysas logo * Updated logo in doc --------- Co-authored-by: lb-anssi <[email protected]> Co-authored-by: lb-anssi <[email protected]> * Force resolver (#33) * Improved cert generation from csr * Documentation addition * Propagated API change to admin * X509: PKI code refactoring (clippy, doc) PKI refactoring Clippy improvements * Addition of hybrid keypair loading * Passed cargo fmt * X509: Fix Github CI workflow Update rust.yml (#18) Fixed github workflow Github CI: added libsoup Github CI: changed libsoup version Github worflow: fixed typo in dependencies Github workflow: added javascript dependency Github workflow: added webkit dependency * X509: fix keysas-out use of PKI * Enrolment: Generate private keys on the station * Rework of private key generation in keysas-sign to use the utility functions in the PKI crate. * Added oqs initialisation to all function in PKI crate * Cleanup cargo manifest in keysas-sign * Enrolment: Added certificate saving to keysas-sign * Fixe of save function in keysas-sign * WIP - Addition of certificate validation in PKI * Keysas-admin: added station enrolment * Implementation of station enrolment in admin * Fix generate signing keys in station * Fix Rdn generation * General code cleanup * Addition of tauri dist directory * File signing: keysas-sign code cleanup and doc * File signing: added tests and doc * Cleaning up the code * Add SDPX headers + remove feature * Format * Validate hybrid signature from certs * oqs: use only dilithium feature * Remove minisign crate * Feature became stable * Add usb signing functions * Remove tauri plugin store * Add libs for signing device * Start modifying keysas-admin to locally sign usb devices * Fix overflowing serial number * Bump version to 0.2.0 * Bump version to 0.2.0 * Serial are now arrays of 20 bytes * Update deps + improve pki creation * Add USB device hybrid signing functionnality * Add delete keysas station function * Display the PKI information: - Add Serialize to CertificateField; - UX improvement. * Update home + improve UX * Add Revoke USB device * Add check for PKI password length * Rename few componants * Bump version * Check that country is < 2 chars long * Bump version * Improve UX * Improve HELP for adding a station * Rename componant AddForm into AddStation * Fox is_alive to be async * Update comments * Remove std features for oqs * Remove pretty format for digest computation * Windows: Initial commit for the driver * Added simple communication between driver and app * Windows: restructured project * Separation of the user space app in a daemon with admin level and GUI * Separation of the driver in smaller modules * Started the addition of context support in the driver * Improved the communication between the driver and the daemon * Improved context management * Implemented file validation by the user * Improved list of create call filtered * Started file validation * Run analysis on driver and initialized tray app * Continued file verification * Validated file reports * Added first window to tray app * Cleaned driver and service code * Update windows GUI * Fixed dalek version * Update keysas-lib dependencies versions * Renamed USB firewall folder * Fix function signatures + tests * BEGIN: Fixing frontend for reading reports * Fix bind_and_sign() tests and set the signature optional if keys are not found * Fix const paths bugs * handle ws upgrade * handle ws upgrade * Fix paths for PKI creation * Update some logs + stay async as much as possible * Fix GNU/Linux paths for key generation * Fix stations online status * UX: color update on homepage + remove useless method * Set some functions in async mode * Print some feedback to final user while creating a new PKI * Clear the password as soon as used * Downgrade time crate to match tauri pinning :( * Update deprecated method add to insert * Add tests file * Import mod tests * Add new empty arg to match signature * Add dev-dependencies + update yara * Downgrade logger crate to match tauri pinning :( * Change const paths for windows * Bump tungstenite crate * Tests fix (#25) * Fix bind_and_sign() tests and set the signature optional if keys are not found * Fix const paths bugs * handle ws upgrade * handle ws upgrade * Fix paths for PKI creation * Update some logs + stay async as much as possible * Fix GNU/Linux paths for key generation * Fix stations online status * UX: color update on homepage + remove useless method * Set some functions in async mode * Print some feedback to final user while creating a new PKI * Clear the password as soon as used * Downgrade time crate to match tauri pinning :( * Update deprecated method add to insert * Add tests file * Import mod tests * Add new empty arg to match signature * Add dev-dependencies + update yara * Downgrade logger crate to match tauri pinning :( * Change const paths for windows * Bump tungstenite crate * Bump criterion * Update windows pzaths and clean useless fn * cargo fmt * Add delete PKI functionnality * Handle errors when cannot parse signature * Install sudoers config for keysas-admin * Update install/uninstall scripts with sudoers config * Restart keysas instead of keysas-out (socket broken) * Remove useless import * remove old diode paths * Fix some clippy warnings * Update log message * Add base64 + bump some crates * Get the signature size and decode both signatures * Add some debug logs * Bump simple logger crate * Clean up useless fn * Fix: remove unwanted b64 decode * Handle bad password error in UX * Update installation process for Tauri * UX: add some verbosity for admin * Update readme * Remove std feature for Windows * Rename component to keysas * Update dependencies * Rename component to keysas in App * Start rewriting wizard-fr * Temporary removing rejected files * Update Help/Quick start procedure * Update id tag * Add const for paths and update ip parsing * Fix ipaddr for eth|enp style * Remove useless comment * Fix install/uninstall binaries * Fix install/uninstall binaries: restart clamd * Switch to Bookworm install * Fix install of sudo rules * Update rust.yml - Freeze toolchain for loopdev * Temporary patching devloop til the next release * Switch back to nightly toolchain * Update README with nightly toolchain installation * Bump ubuntu pkg to libyara9 * Removing workflow for now: Ubuntu kinetic not supported * Removing workflow for now: Ubuntu kinetic not supported * Error handling for new Dilithium5 signature * Bugfix in install * Update mode to dev * Update error msg for websocket * Better error handling * Add seccomp sandbox for keysas-in * Add seccomp sandbox for keysas-in into main * Add seccomp sandbox for keysas-transit * Cargo format * Add seccomp to keysas-out + fix anyhow::Result * Trying to avoid links * Catch active keyword for regex daemon status * First patch for aarch64 syscallz * Set unlink only for x86_64 * dup3 is called on aarch64 instead of dup2 * Add missing syscall for keysas-out * Add seccomp architectures supported * Allow forgetting reference * Move landlock functions into sandbox.rs * Fix clippy warnings * Fix more clippy warnings * Remove useless options * Ignore compiled documentation directory * WIP: update user documentation * WIP: update user documentation * WIP: update user documentation * WIP: update user documentation * WIP: update user documentation * WIP: update user documentation * WIP: update user documentation * WIP: update user documentation * WIP: update user documentation * Improve README clarity * Update documentation: fix typo * Hide load PKI as it is not implemented yet * Rm useless picture * Rm useless pictures * Updated Keysas logo * Updated logo in doc * Add resolver version 2 --------- Co-authored-by: lb-anssi <[email protected]> Co-authored-by: lb-anssi <[email protected]> * Added README to firewall folder * Added file context ID tracking - Added an ID per file based on the hash of the file path - Added exchange of ID between driver, daemon and tray app - Refactored code in daemon to separate control logic from interfaces * Added authorization change from tray app - Redefined API between minifilter, daemon and app * Added write operation filtering * Added file authorization toggle in app * Added CA certificate use in daemon * USBFilter added PNP processing and device ID query * Added documentation and corrected typos --------- Co-authored-by: r3dlight <[email protected]> * Update url * Fix some typo + styling * Bump version to 2.1 * Specifying the support for Debian 12 only * Added contribution guidelines * Remove useless files * Fix landlock path for yara rules * Be more verbose about Landlock yara path * Update dependencies + set production mode * Bump version to 2.1 --------- Co-authored-by: lb-anssi <[email protected]> Co-authored-by: lb-anssi <[email protected]>
r3dlight
added a commit
that referenced
this pull request
Sep 28, 2023
* Improved cert generation from csr * Documentation addition * Propagated API change to admin * X509: PKI code refactoring (clippy, doc) PKI refactoring Clippy improvements * Addition of hybrid keypair loading * Passed cargo fmt * X509: Fix Github CI workflow Update rust.yml (#18) Fixed github workflow Github CI: added libsoup Github CI: changed libsoup version Github worflow: fixed typo in dependencies Github workflow: added javascript dependency Github workflow: added webkit dependency * X509: fix keysas-out use of PKI * Enrolment: Generate private keys on the station * Rework of private key generation in keysas-sign to use the utility functions in the PKI crate. * Added oqs initialisation to all function in PKI crate * Cleanup cargo manifest in keysas-sign * Enrolment: Added certificate saving to keysas-sign * Fixe of save function in keysas-sign * WIP - Addition of certificate validation in PKI * Keysas-admin: added station enrolment * Implementation of station enrolment in admin * Fix generate signing keys in station * Fix Rdn generation * General code cleanup * Addition of tauri dist directory * File signing: keysas-sign code cleanup and doc * File signing: added tests and doc * Cleaning up the code * Add SDPX headers + remove feature * Format * Validate hybrid signature from certs * oqs: use only dilithium feature * Remove minisign crate * Feature became stable * Add usb signing functions * Remove tauri plugin store * Add libs for signing device * Start modifying keysas-admin to locally sign usb devices * Fix overflowing serial number * Bump version to 0.2.0 * Bump version to 0.2.0 * Serial are now arrays of 20 bytes * Update deps + improve pki creation * Add USB device hybrid signing functionnality * Add delete keysas station function * Display the PKI information: - Add Serialize to CertificateField; - UX improvement. * Update home + improve UX * Add Revoke USB device * Add check for PKI password length * Rename few componants * Bump version * Check that country is < 2 chars long * Bump version * Improve UX * Improve HELP for adding a station * Rename componant AddForm into AddStation * Fox is_alive to be async * Update comments * Remove std features for oqs * Remove pretty format for digest computation * Windows: Initial commit for the driver * Added simple communication between driver and app * Windows: restructured project * Separation of the user space app in a daemon with admin level and GUI * Separation of the driver in smaller modules * Started the addition of context support in the driver * Improved the communication between the driver and the daemon * Improved context management * Implemented file validation by the user * Improved list of create call filtered * Started file validation * Run analysis on driver and initialized tray app * Continued file verification * Validated file reports * Added first window to tray app * Cleaned driver and service code * Update windows GUI * Fixed dalek version * Update keysas-lib dependencies versions * Renamed USB firewall folder * Fix function signatures + tests * BEGIN: Fixing frontend for reading reports * Fix bind_and_sign() tests and set the signature optional if keys are not found * Fix const paths bugs * handle ws upgrade * handle ws upgrade * Fix paths for PKI creation * Update some logs + stay async as much as possible * Fix GNU/Linux paths for key generation * Fix stations online status * UX: color update on homepage + remove useless method * Set some functions in async mode * Print some feedback to final user while creating a new PKI * Clear the password as soon as used * Downgrade time crate to match tauri pinning :( * Update deprecated method add to insert * Add tests file * Import mod tests * Add new empty arg to match signature * Add dev-dependencies + update yara * Downgrade logger crate to match tauri pinning :( * Change const paths for windows * Bump tungstenite crate * Tests fix (#25) * Fix bind_and_sign() tests and set the signature optional if keys are not found * Fix const paths bugs * handle ws upgrade * handle ws upgrade * Fix paths for PKI creation * Update some logs + stay async as much as possible * Fix GNU/Linux paths for key generation * Fix stations online status * UX: color update on homepage + remove useless method * Set some functions in async mode * Print some feedback to final user while creating a new PKI * Clear the password as soon as used * Downgrade time crate to match tauri pinning :( * Update deprecated method add to insert * Add tests file * Import mod tests * Add new empty arg to match signature * Add dev-dependencies + update yara * Downgrade logger crate to match tauri pinning :( * Change const paths for windows * Bump tungstenite crate * Bump criterion * Update windows pzaths and clean useless fn * cargo fmt * Add delete PKI functionnality * Handle errors when cannot parse signature * Install sudoers config for keysas-admin * Update install/uninstall scripts with sudoers config * Restart keysas instead of keysas-out (socket broken) * Remove useless import * remove old diode paths * Fix some clippy warnings * Update log message * Add base64 + bump some crates * Get the signature size and decode both signatures * Add some debug logs * Bump simple logger crate * Clean up useless fn * Fix: remove unwanted b64 decode * Handle bad password error in UX * Update installation process for Tauri * UX: add some verbosity for admin * Update readme * Remove std feature for Windows * Rename component to keysas * Update dependencies * Rename component to keysas in App * Start rewriting wizard-fr * Temporary removing rejected files * Update Help/Quick start procedure * Update id tag * Add const for paths and update ip parsing * Fix ipaddr for eth|enp style * Remove useless comment * Fix install/uninstall binaries * Fix install/uninstall binaries: restart clamd * Switch to Bookworm install * Fix install of sudo rules * Update rust.yml - Freeze toolchain for loopdev * Temporary patching devloop til the next release * Switch back to nightly toolchain * Update README with nightly toolchain installation * Bump ubuntu pkg to libyara9 * Removing workflow for now: Ubuntu kinetic not supported * Removing workflow for now: Ubuntu kinetic not supported * Error handling for new Dilithium5 signature * Bugfix in install * Update mode to dev * Update error msg for websocket * Better error handling * Add seccomp sandbox for keysas-in * Add seccomp sandbox for keysas-in into main * Add seccomp sandbox for keysas-transit * Cargo format * Add seccomp to keysas-out + fix anyhow::Result * Trying to avoid links * Catch active keyword for regex daemon status * First patch for aarch64 syscallz * Set unlink only for x86_64 * dup3 is called on aarch64 instead of dup2 * Add missing syscall for keysas-out * Add seccomp architectures supported * Allow forgetting reference * Move landlock functions into sandbox.rs * Fix clippy warnings * Fix more clippy warnings * Remove useless options * Ignore compiled documentation directory * WIP: update user documentation * WIP: update user documentation * WIP: update user documentation * WIP: update user documentation * WIP: update user documentation * WIP: update user documentation * WIP: update user documentation * WIP: update user documentation * WIP: update user documentation * Improve README clarity * Update documentation: fix typo * Hide load PKI as it is not implemented yet * Rm useless picture * Rm useless pictures * Updated Keysas logo * Updated logo in doc * Add resolver version 2 * Remove old bindmount for unexistant home directory * Dev windows firewall (#36) * Rebase windows branch on Develop * Addition of library for IPC * Addition of driver for USB device filtering * Fixed mailslot from HMI to daemon * Release v2.0 (#32) * Improved cert generation from csr * Documentation addition * Propagated API change to admin * X509: PKI code refactoring (clippy, doc) PKI refactoring Clippy improvements * Addition of hybrid keypair loading * Passed cargo fmt * X509: Fix Github CI workflow Update rust.yml (#18) Fixed github workflow Github CI: added libsoup Github CI: changed libsoup version Github worflow: fixed typo in dependencies Github workflow: added javascript dependency Github workflow: added webkit dependency * X509: fix keysas-out use of PKI * Enrolment: Generate private keys on the station * Rework of private key generation in keysas-sign to use the utility functions in the PKI crate. * Added oqs initialisation to all function in PKI crate * Cleanup cargo manifest in keysas-sign * Enrolment: Added certificate saving to keysas-sign * Fixe of save function in keysas-sign * WIP - Addition of certificate validation in PKI * Keysas-admin: added station enrolment * Implementation of station enrolment in admin * Fix generate signing keys in station * Fix Rdn generation * General code cleanup * Addition of tauri dist directory * File signing: keysas-sign code cleanup and doc * File signing: added tests and doc * Cleaning up the code * Add SDPX headers + remove feature * Format * Validate hybrid signature from certs * oqs: use only dilithium feature * Remove minisign crate * Feature became stable * Add usb signing functions * Remove tauri plugin store * Add libs for signing device * Start modifying keysas-admin to locally sign usb devices * Fix overflowing serial number * Bump version to 0.2.0 * Bump version to 0.2.0 * Serial are now arrays of 20 bytes * Update deps + improve pki creation * Add USB device hybrid signing functionnality * Add delete keysas station function * Display the PKI information: - Add Serialize to CertificateField; - UX improvement. * Update home + improve UX * Add Revoke USB device * Add check for PKI password length * Rename few componants * Bump version * Check that country is < 2 chars long * Bump version * Improve UX * Improve HELP for adding a station * Rename componant AddForm into AddStation * Fox is_alive to be async * Update comments * Remove std features for oqs * Remove pretty format for digest computation * Windows: Initial commit for the driver * Added simple communication between driver and app * Windows: restructured project * Separation of the user space app in a daemon with admin level and GUI * Separation of the driver in smaller modules * Started the addition of context support in the driver * Improved the communication between the driver and the daemon * Improved context management * Implemented file validation by the user * Improved list of create call filtered * Started file validation * Run analysis on driver and initialized tray app * Continued file verification * Validated file reports * Added first window to tray app * Cleaned driver and service code * Update windows GUI * Fixed dalek version * Update keysas-lib dependencies versions * Renamed USB firewall folder * Fix function signatures + tests * BEGIN: Fixing frontend for reading reports * Fix bind_and_sign() tests and set the signature optional if keys are not found * Fix const paths bugs * handle ws upgrade * handle ws upgrade * Fix paths for PKI creation * Update some logs + stay async as much as possible * Fix GNU/Linux paths for key generation * Fix stations online status * UX: color update on homepage + remove useless method * Set some functions in async mode * Print some feedback to final user while creating a new PKI * Clear the password as soon as used * Downgrade time crate to match tauri pinning :( * Update deprecated method add to insert * Add tests file * Import mod tests * Add new empty arg to match signature * Add dev-dependencies + update yara * Downgrade logger crate to match tauri pinning :( * Change const paths for windows * Bump tungstenite crate * Tests fix (#25) * Fix bind_and_sign() tests and set the signature optional if keys are not found * Fix const paths bugs * handle ws upgrade * handle ws upgrade * Fix paths for PKI creation * Update some logs + stay async as much as possible * Fix GNU/Linux paths for key generation * Fix stations online status * UX: color update on homepage + remove useless method * Set some functions in async mode * Print some feedback to final user while creating a new PKI * Clear the password as soon as used * Downgrade time crate to match tauri pinning :( * Update deprecated method add to insert * Add tests file * Import mod tests * Add new empty arg to match signature * Add dev-dependencies + update yara * Downgrade logger crate to match tauri pinning :( * Change const paths for windows * Bump tungstenite crate * Bump criterion * Update windows pzaths and clean useless fn * cargo fmt * Add delete PKI functionnality * Handle errors when cannot parse signature * Install sudoers config for keysas-admin * Update install/uninstall scripts with sudoers config * Restart keysas instead of keysas-out (socket broken) * Remove useless import * remove old diode paths * Fix some clippy warnings * Update log message * Add base64 + bump some crates * Get the signature size and decode both signatures * Add some debug logs * Bump simple logger crate * Clean up useless fn * Fix: remove unwanted b64 decode * Handle bad password error in UX * Update installation process for Tauri * UX: add some verbosity for admin * Update readme * Remove std feature for Windows * Rename component to keysas * Update dependencies * Rename component to keysas in App * Start rewriting wizard-fr * Temporary removing rejected files * Update Help/Quick start procedure * Update id tag * Add const for paths and update ip parsing * Fix ipaddr for eth|enp style * Remove useless comment * Fix install/uninstall binaries * Fix install/uninstall binaries: restart clamd * Switch to Bookworm install * Fix install of sudo rules * Update rust.yml - Freeze toolchain for loopdev * Temporary patching devloop til the next release * Switch back to nightly toolchain * Update README with nightly toolchain installation * Bump ubuntu pkg to libyara9 * Removing workflow for now: Ubuntu kinetic not supported * Removing workflow for now: Ubuntu kinetic not supported * Error handling for new Dilithium5 signature * Bugfix in install * Update mode to dev * Update error msg for websocket * Better error handling * Add seccomp sandbox for keysas-in * Add seccomp sandbox for keysas-in into main * Add seccomp sandbox for keysas-transit * Cargo format * Add seccomp to keysas-out + fix anyhow::Result * Trying to avoid links * Catch active keyword for regex daemon status * First patch for aarch64 syscallz * Set unlink only for x86_64 * dup3 is called on aarch64 instead of dup2 * Add missing syscall for keysas-out * Add seccomp architectures supported * Allow forgetting reference * Move landlock functions into sandbox.rs * Fix clippy warnings * Fix more clippy warnings * Remove useless options * Ignore compiled documentation directory * WIP: update user documentation * WIP: update user documentation * WIP: update user documentation * WIP: update user documentation * WIP: update user documentation * WIP: update user documentation * WIP: update user documentation * WIP: update user documentation * WIP: update user documentation * Improve README clarity * Update documentation: fix typo * Hide load PKI as it is not implemented yet * Rm useless picture * Rm useless pictures * Updated Keysas logo * Updated logo in doc --------- Co-authored-by: lb-anssi <[email protected]> Co-authored-by: lb-anssi <[email protected]> * Force resolver (#33) * Improved cert generation from csr * Documentation addition * Propagated API change to admin * X509: PKI code refactoring (clippy, doc) PKI refactoring Clippy improvements * Addition of hybrid keypair loading * Passed cargo fmt * X509: Fix Github CI workflow Update rust.yml (#18) Fixed github workflow Github CI: added libsoup Github CI: changed libsoup version Github worflow: fixed typo in dependencies Github workflow: added javascript dependency Github workflow: added webkit dependency * X509: fix keysas-out use of PKI * Enrolment: Generate private keys on the station * Rework of private key generation in keysas-sign to use the utility functions in the PKI crate. * Added oqs initialisation to all function in PKI crate * Cleanup cargo manifest in keysas-sign * Enrolment: Added certificate saving to keysas-sign * Fixe of save function in keysas-sign * WIP - Addition of certificate validation in PKI * Keysas-admin: added station enrolment * Implementation of station enrolment in admin * Fix generate signing keys in station * Fix Rdn generation * General code cleanup * Addition of tauri dist directory * File signing: keysas-sign code cleanup and doc * File signing: added tests and doc * Cleaning up the code * Add SDPX headers + remove feature * Format * Validate hybrid signature from certs * oqs: use only dilithium feature * Remove minisign crate * Feature became stable * Add usb signing functions * Remove tauri plugin store * Add libs for signing device * Start modifying keysas-admin to locally sign usb devices * Fix overflowing serial number * Bump version to 0.2.0 * Bump version to 0.2.0 * Serial are now arrays of 20 bytes * Update deps + improve pki creation * Add USB device hybrid signing functionnality * Add delete keysas station function * Display the PKI information: - Add Serialize to CertificateField; - UX improvement. * Update home + improve UX * Add Revoke USB device * Add check for PKI password length * Rename few componants * Bump version * Check that country is < 2 chars long * Bump version * Improve UX * Improve HELP for adding a station * Rename componant AddForm into AddStation * Fox is_alive to be async * Update comments * Remove std features for oqs * Remove pretty format for digest computation * Windows: Initial commit for the driver * Added simple communication between driver and app * Windows: restructured project * Separation of the user space app in a daemon with admin level and GUI * Separation of the driver in smaller modules * Started the addition of context support in the driver * Improved the communication between the driver and the daemon * Improved context management * Implemented file validation by the user * Improved list of create call filtered * Started file validation * Run analysis on driver and initialized tray app * Continued file verification * Validated file reports * Added first window to tray app * Cleaned driver and service code * Update windows GUI * Fixed dalek version * Update keysas-lib dependencies versions * Renamed USB firewall folder * Fix function signatures + tests * BEGIN: Fixing frontend for reading reports * Fix bind_and_sign() tests and set the signature optional if keys are not found * Fix const paths bugs * handle ws upgrade * handle ws upgrade * Fix paths for PKI creation * Update some logs + stay async as much as possible * Fix GNU/Linux paths for key generation * Fix stations online status * UX: color update on homepage + remove useless method * Set some functions in async mode * Print some feedback to final user while creating a new PKI * Clear the password as soon as used * Downgrade time crate to match tauri pinning :( * Update deprecated method add to insert * Add tests file * Import mod tests * Add new empty arg to match signature * Add dev-dependencies + update yara * Downgrade logger crate to match tauri pinning :( * Change const paths for windows * Bump tungstenite crate * Tests fix (#25) * Fix bind_and_sign() tests and set the signature optional if keys are not found * Fix const paths bugs * handle ws upgrade * handle ws upgrade * Fix paths for PKI creation * Update some logs + stay async as much as possible * Fix GNU/Linux paths for key generation * Fix stations online status * UX: color update on homepage + remove useless method * Set some functions in async mode * Print some feedback to final user while creating a new PKI * Clear the password as soon as used * Downgrade time crate to match tauri pinning :( * Update deprecated method add to insert * Add tests file * Import mod tests * Add new empty arg to match signature * Add dev-dependencies + update yara * Downgrade logger crate to match tauri pinning :( * Change const paths for windows * Bump tungstenite crate * Bump criterion * Update windows pzaths and clean useless fn * cargo fmt * Add delete PKI functionnality * Handle errors when cannot parse signature * Install sudoers config for keysas-admin * Update install/uninstall scripts with sudoers config * Restart keysas instead of keysas-out (socket broken) * Remove useless import * remove old diode paths * Fix some clippy warnings * Update log message * Add base64 + bump some crates * Get the signature size and decode both signatures * Add some debug logs * Bump simple logger crate * Clean up useless fn * Fix: remove unwanted b64 decode * Handle bad password error in UX * Update installation process for Tauri * UX: add some verbosity for admin * Update readme * Remove std feature for Windows * Rename component to keysas * Update dependencies * Rename component to keysas in App * Start rewriting wizard-fr * Temporary removing rejected files * Update Help/Quick start procedure * Update id tag * Add const for paths and update ip parsing * Fix ipaddr for eth|enp style * Remove useless comment * Fix install/uninstall binaries * Fix install/uninstall binaries: restart clamd * Switch to Bookworm install * Fix install of sudo rules * Update rust.yml - Freeze toolchain for loopdev * Temporary patching devloop til the next release * Switch back to nightly toolchain * Update README with nightly toolchain installation * Bump ubuntu pkg to libyara9 * Removing workflow for now: Ubuntu kinetic not supported * Removing workflow for now: Ubuntu kinetic not supported * Error handling for new Dilithium5 signature * Bugfix in install * Update mode to dev * Update error msg for websocket * Better error handling * Add seccomp sandbox for keysas-in * Add seccomp sandbox for keysas-in into main * Add seccomp sandbox for keysas-transit * Cargo format * Add seccomp to keysas-out + fix anyhow::Result * Trying to avoid links * Catch active keyword for regex daemon status * First patch for aarch64 syscallz * Set unlink only for x86_64 * dup3 is called on aarch64 instead of dup2 * Add missing syscall for keysas-out * Add seccomp architectures supported * Allow forgetting reference * Move landlock functions into sandbox.rs * Fix clippy warnings * Fix more clippy warnings * Remove useless options * Ignore compiled documentation directory * WIP: update user documentation * WIP: update user documentation * WIP: update user documentation * WIP: update user documentation * WIP: update user documentation * WIP: update user documentation * WIP: update user documentation * WIP: update user documentation * WIP: update user documentation * Improve README clarity * Update documentation: fix typo * Hide load PKI as it is not implemented yet * Rm useless picture * Rm useless pictures * Updated Keysas logo * Updated logo in doc * Add resolver version 2 --------- Co-authored-by: lb-anssi <[email protected]> Co-authored-by: lb-anssi <[email protected]> * Added README to firewall folder * Added file context ID tracking - Added an ID per file based on the hash of the file path - Added exchange of ID between driver, daemon and tray app - Refactored code in daemon to separate control logic from interfaces * Added authorization change from tray app - Redefined API between minifilter, daemon and app * Added write operation filtering * Added file authorization toggle in app * Added CA certificate use in daemon * USBFilter added PNP processing and device ID query * Added documentation and corrected typos --------- Co-authored-by: r3dlight <[email protected]> * Update url * Fix some typo + styling * Bump version to 2.1 * Specifying the support for Debian 12 only * Added contribution guidelines * Remove useless files * Fix landlock path for yara rules * Be more verbose about Landlock yara path * Update dependencies + set production mode * Bump version to 2.1 * Start implementing PKI restoration * Bump packages version * Check root certificates and station certificate signatures * Check root certificates and station certificate signatures * Bump ed25519-dalek to 2.x series * Fix some rustc + clippy warnings * Update lints for private_in_public changes * Bump keysas-admin dependencies * Bump keysas-backend dependencies * Bump nix crate * Bump global Keysas version * Bump ssh-rs to latest version * Fix timeout duration + Bump ed25519 version * Rename keysas-udev to keysas-io * Force ssh-rs version to prevent fallback to 0.3.2 * Temporary patch ed25519-dalek for signature crate conflict * Bump ed25519-dalek to v2 * Add current user to plugdev group * Bump yara crate * Bump tempfile and flexi_logger * House keeping: remove comments * Remove useless crate * Bump yubico-manager with custom updated version * Fix udev configuration related documentation * Add keysas user creation/deletion when not using pre-built Debian image * Fix udev configuration related documentation * Remove prehashed to verify signatures * Bugfix: use ca to verify signatures + force strict verification * Force strict signature verification * Remove prehashed to verify signatures * Remove prehashed to verify signatures + use strict signature verifications * Add test_save_and_load_hybrid_signature test * Bugfix: use ca to verify signatures for Dilithium * Cleaning up println * Add application verification test for Dilithium * Remove false comment in fn * Bump tempfile crate * Update check_restore_pki signature + async * Be more verbose while verifying signatures * Add check_restore_pki fonction * Add more comments forfunction cjeck_restore_pki * Bump npm dependencies * Bump dependencies * Add uded rule + group instructions * Bump ssh-rs * Bump npm dependencies + show keysas reports * Fix typos in readme * Add source env for rustup * Fix private_bounds pragma * Fix home install for keysas * Remove private-interface pragma * Fix ascii art * Update wizard fr * Fix typo in wizard fr --------- Co-authored-by: lb-anssi <[email protected]> Co-authored-by: lb-anssi <[email protected]>
r3dlight
added a commit
that referenced
this pull request
Sep 28, 2023
* Improved cert generation from csr * Documentation addition * Propagated API change to admin * X509: PKI code refactoring (clippy, doc) PKI refactoring Clippy improvements * Addition of hybrid keypair loading * Passed cargo fmt * X509: Fix Github CI workflow Update rust.yml (#18) Fixed github workflow Github CI: added libsoup Github CI: changed libsoup version Github worflow: fixed typo in dependencies Github workflow: added javascript dependency Github workflow: added webkit dependency * X509: fix keysas-out use of PKI * Enrolment: Generate private keys on the station * Rework of private key generation in keysas-sign to use the utility functions in the PKI crate. * Added oqs initialisation to all function in PKI crate * Cleanup cargo manifest in keysas-sign * Enrolment: Added certificate saving to keysas-sign * Fixe of save function in keysas-sign * WIP - Addition of certificate validation in PKI * Keysas-admin: added station enrolment * Implementation of station enrolment in admin * Fix generate signing keys in station * Fix Rdn generation * General code cleanup * Addition of tauri dist directory * File signing: keysas-sign code cleanup and doc * File signing: added tests and doc * Cleaning up the code * Add SDPX headers + remove feature * Format * Validate hybrid signature from certs * oqs: use only dilithium feature * Remove minisign crate * Feature became stable * Add usb signing functions * Remove tauri plugin store * Add libs for signing device * Start modifying keysas-admin to locally sign usb devices * Fix overflowing serial number * Bump version to 0.2.0 * Bump version to 0.2.0 * Serial are now arrays of 20 bytes * Update deps + improve pki creation * Add USB device hybrid signing functionnality * Add delete keysas station function * Display the PKI information: - Add Serialize to CertificateField; - UX improvement. * Update home + improve UX * Add Revoke USB device * Add check for PKI password length * Rename few componants * Bump version * Check that country is < 2 chars long * Bump version * Improve UX * Improve HELP for adding a station * Rename componant AddForm into AddStation * Fox is_alive to be async * Update comments * Remove std features for oqs * Remove pretty format for digest computation * Windows: Initial commit for the driver * Added simple communication between driver and app * Windows: restructured project * Separation of the user space app in a daemon with admin level and GUI * Separation of the driver in smaller modules * Started the addition of context support in the driver * Improved the communication between the driver and the daemon * Improved context management * Implemented file validation by the user * Improved list of create call filtered * Started file validation * Run analysis on driver and initialized tray app * Continued file verification * Validated file reports * Added first window to tray app * Cleaned driver and service code * Update windows GUI * Fixed dalek version * Update keysas-lib dependencies versions * Renamed USB firewall folder * Fix function signatures + tests * BEGIN: Fixing frontend for reading reports * Fix bind_and_sign() tests and set the signature optional if keys are not found * Fix const paths bugs * handle ws upgrade * handle ws upgrade * Fix paths for PKI creation * Update some logs + stay async as much as possible * Fix GNU/Linux paths for key generation * Fix stations online status * UX: color update on homepage + remove useless method * Set some functions in async mode * Print some feedback to final user while creating a new PKI * Clear the password as soon as used * Downgrade time crate to match tauri pinning :( * Update deprecated method add to insert * Add tests file * Import mod tests * Add new empty arg to match signature * Add dev-dependencies + update yara * Downgrade logger crate to match tauri pinning :( * Change const paths for windows * Bump tungstenite crate * Tests fix (#25) * Fix bind_and_sign() tests and set the signature optional if keys are not found * Fix const paths bugs * handle ws upgrade * handle ws upgrade * Fix paths for PKI creation * Update some logs + stay async as much as possible * Fix GNU/Linux paths for key generation * Fix stations online status * UX: color update on homepage + remove useless method * Set some functions in async mode * Print some feedback to final user while creating a new PKI * Clear the password as soon as used * Downgrade time crate to match tauri pinning :( * Update deprecated method add to insert * Add tests file * Import mod tests * Add new empty arg to match signature * Add dev-dependencies + update yara * Downgrade logger crate to match tauri pinning :( * Change const paths for windows * Bump tungstenite crate * Bump criterion * Update windows pzaths and clean useless fn * cargo fmt * Add delete PKI functionnality * Handle errors when cannot parse signature * Install sudoers config for keysas-admin * Update install/uninstall scripts with sudoers config * Restart keysas instead of keysas-out (socket broken) * Remove useless import * remove old diode paths * Fix some clippy warnings * Update log message * Add base64 + bump some crates * Get the signature size and decode both signatures * Add some debug logs * Bump simple logger crate * Clean up useless fn * Fix: remove unwanted b64 decode * Handle bad password error in UX * Update installation process for Tauri * UX: add some verbosity for admin * Update readme * Remove std feature for Windows * Rename component to keysas * Update dependencies * Rename component to keysas in App * Start rewriting wizard-fr * Temporary removing rejected files * Update Help/Quick start procedure * Update id tag * Add const for paths and update ip parsing * Fix ipaddr for eth|enp style * Remove useless comment * Fix install/uninstall binaries * Fix install/uninstall binaries: restart clamd * Switch to Bookworm install * Fix install of sudo rules * Update rust.yml - Freeze toolchain for loopdev * Temporary patching devloop til the next release * Switch back to nightly toolchain * Update README with nightly toolchain installation * Bump ubuntu pkg to libyara9 * Removing workflow for now: Ubuntu kinetic not supported * Removing workflow for now: Ubuntu kinetic not supported * Error handling for new Dilithium5 signature * Bugfix in install * Update mode to dev * Update error msg for websocket * Better error handling * Add seccomp sandbox for keysas-in * Add seccomp sandbox for keysas-in into main * Add seccomp sandbox for keysas-transit * Cargo format * Add seccomp to keysas-out + fix anyhow::Result * Trying to avoid links * Catch active keyword for regex daemon status * First patch for aarch64 syscallz * Set unlink only for x86_64 * dup3 is called on aarch64 instead of dup2 * Add missing syscall for keysas-out * Add seccomp architectures supported * Allow forgetting reference * Move landlock functions into sandbox.rs * Fix clippy warnings * Fix more clippy warnings * Remove useless options * Ignore compiled documentation directory * WIP: update user documentation * WIP: update user documentation * WIP: update user documentation * WIP: update user documentation * WIP: update user documentation * WIP: update user documentation * WIP: update user documentation * WIP: update user documentation * WIP: update user documentation * Improve README clarity * Update documentation: fix typo * Hide load PKI as it is not implemented yet * Rm useless picture * Rm useless pictures * Updated Keysas logo * Updated logo in doc * Add resolver version 2 * Remove old bindmount for unexistant home directory * Dev windows firewall (#36) * Rebase windows branch on Develop * Addition of library for IPC * Addition of driver for USB device filtering * Fixed mailslot from HMI to daemon * Release v2.0 (#32) * Improved cert generation from csr * Documentation addition * Propagated API change to admin * X509: PKI code refactoring (clippy, doc) PKI refactoring Clippy improvements * Addition of hybrid keypair loading * Passed cargo fmt * X509: Fix Github CI workflow Update rust.yml (#18) Fixed github workflow Github CI: added libsoup Github CI: changed libsoup version Github worflow: fixed typo in dependencies Github workflow: added javascript dependency Github workflow: added webkit dependency * X509: fix keysas-out use of PKI * Enrolment: Generate private keys on the station * Rework of private key generation in keysas-sign to use the utility functions in the PKI crate. * Added oqs initialisation to all function in PKI crate * Cleanup cargo manifest in keysas-sign * Enrolment: Added certificate saving to keysas-sign * Fixe of save function in keysas-sign * WIP - Addition of certificate validation in PKI * Keysas-admin: added station enrolment * Implementation of station enrolment in admin * Fix generate signing keys in station * Fix Rdn generation * General code cleanup * Addition of tauri dist directory * File signing: keysas-sign code cleanup and doc * File signing: added tests and doc * Cleaning up the code * Add SDPX headers + remove feature * Format * Validate hybrid signature from certs * oqs: use only dilithium feature * Remove minisign crate * Feature became stable * Add usb signing functions * Remove tauri plugin store * Add libs for signing device * Start modifying keysas-admin to locally sign usb devices * Fix overflowing serial number * Bump version to 0.2.0 * Bump version to 0.2.0 * Serial are now arrays of 20 bytes * Update deps + improve pki creation * Add USB device hybrid signing functionnality * Add delete keysas station function * Display the PKI information: - Add Serialize to CertificateField; - UX improvement. * Update home + improve UX * Add Revoke USB device * Add check for PKI password length * Rename few componants * Bump version * Check that country is < 2 chars long * Bump version * Improve UX * Improve HELP for adding a station * Rename componant AddForm into AddStation * Fox is_alive to be async * Update comments * Remove std features for oqs * Remove pretty format for digest computation * Windows: Initial commit for the driver * Added simple communication between driver and app * Windows: restructured project * Separation of the user space app in a daemon with admin level and GUI * Separation of the driver in smaller modules * Started the addition of context support in the driver * Improved the communication between the driver and the daemon * Improved context management * Implemented file validation by the user * Improved list of create call filtered * Started file validation * Run analysis on driver and initialized tray app * Continued file verification * Validated file reports * Added first window to tray app * Cleaned driver and service code * Update windows GUI * Fixed dalek version * Update keysas-lib dependencies versions * Renamed USB firewall folder * Fix function signatures + tests * BEGIN: Fixing frontend for reading reports * Fix bind_and_sign() tests and set the signature optional if keys are not found * Fix const paths bugs * handle ws upgrade * handle ws upgrade * Fix paths for PKI creation * Update some logs + stay async as much as possible * Fix GNU/Linux paths for key generation * Fix stations online status * UX: color update on homepage + remove useless method * Set some functions in async mode * Print some feedback to final user while creating a new PKI * Clear the password as soon as used * Downgrade time crate to match tauri pinning :( * Update deprecated method add to insert * Add tests file * Import mod tests * Add new empty arg to match signature * Add dev-dependencies + update yara * Downgrade logger crate to match tauri pinning :( * Change const paths for windows * Bump tungstenite crate * Tests fix (#25) * Fix bind_and_sign() tests and set the signature optional if keys are not found * Fix const paths bugs * handle ws upgrade * handle ws upgrade * Fix paths for PKI creation * Update some logs + stay async as much as possible * Fix GNU/Linux paths for key generation * Fix stations online status * UX: color update on homepage + remove useless method * Set some functions in async mode * Print some feedback to final user while creating a new PKI * Clear the password as soon as used * Downgrade time crate to match tauri pinning :( * Update deprecated method add to insert * Add tests file * Import mod tests * Add new empty arg to match signature * Add dev-dependencies + update yara * Downgrade logger crate to match tauri pinning :( * Change const paths for windows * Bump tungstenite crate * Bump criterion * Update windows pzaths and clean useless fn * cargo fmt * Add delete PKI functionnality * Handle errors when cannot parse signature * Install sudoers config for keysas-admin * Update install/uninstall scripts with sudoers config * Restart keysas instead of keysas-out (socket broken) * Remove useless import * remove old diode paths * Fix some clippy warnings * Update log message * Add base64 + bump some crates * Get the signature size and decode both signatures * Add some debug logs * Bump simple logger crate * Clean up useless fn * Fix: remove unwanted b64 decode * Handle bad password error in UX * Update installation process for Tauri * UX: add some verbosity for admin * Update readme * Remove std feature for Windows * Rename component to keysas * Update dependencies * Rename component to keysas in App * Start rewriting wizard-fr * Temporary removing rejected files * Update Help/Quick start procedure * Update id tag * Add const for paths and update ip parsing * Fix ipaddr for eth|enp style * Remove useless comment * Fix install/uninstall binaries * Fix install/uninstall binaries: restart clamd * Switch to Bookworm install * Fix install of sudo rules * Update rust.yml - Freeze toolchain for loopdev * Temporary patching devloop til the next release * Switch back to nightly toolchain * Update README with nightly toolchain installation * Bump ubuntu pkg to libyara9 * Removing workflow for now: Ubuntu kinetic not supported * Removing workflow for now: Ubuntu kinetic not supported * Error handling for new Dilithium5 signature * Bugfix in install * Update mode to dev * Update error msg for websocket * Better error handling * Add seccomp sandbox for keysas-in * Add seccomp sandbox for keysas-in into main * Add seccomp sandbox for keysas-transit * Cargo format * Add seccomp to keysas-out + fix anyhow::Result * Trying to avoid links * Catch active keyword for regex daemon status * First patch for aarch64 syscallz * Set unlink only for x86_64 * dup3 is called on aarch64 instead of dup2 * Add missing syscall for keysas-out * Add seccomp architectures supported * Allow forgetting reference * Move landlock functions into sandbox.rs * Fix clippy warnings * Fix more clippy warnings * Remove useless options * Ignore compiled documentation directory * WIP: update user documentation * WIP: update user documentation * WIP: update user documentation * WIP: update user documentation * WIP: update user documentation * WIP: update user documentation * WIP: update user documentation * WIP: update user documentation * WIP: update user documentation * Improve README clarity * Update documentation: fix typo * Hide load PKI as it is not implemented yet * Rm useless picture * Rm useless pictures * Updated Keysas logo * Updated logo in doc --------- Co-authored-by: lb-anssi <[email protected]> Co-authored-by: lb-anssi <[email protected]> * Force resolver (#33) * Improved cert generation from csr * Documentation addition * Propagated API change to admin * X509: PKI code refactoring (clippy, doc) PKI refactoring Clippy improvements * Addition of hybrid keypair loading * Passed cargo fmt * X509: Fix Github CI workflow Update rust.yml (#18) Fixed github workflow Github CI: added libsoup Github CI: changed libsoup version Github worflow: fixed typo in dependencies Github workflow: added javascript dependency Github workflow: added webkit dependency * X509: fix keysas-out use of PKI * Enrolment: Generate private keys on the station * Rework of private key generation in keysas-sign to use the utility functions in the PKI crate. * Added oqs initialisation to all function in PKI crate * Cleanup cargo manifest in keysas-sign * Enrolment: Added certificate saving to keysas-sign * Fixe of save function in keysas-sign * WIP - Addition of certificate validation in PKI * Keysas-admin: added station enrolment * Implementation of station enrolment in admin * Fix generate signing keys in station * Fix Rdn generation * General code cleanup * Addition of tauri dist directory * File signing: keysas-sign code cleanup and doc * File signing: added tests and doc * Cleaning up the code * Add SDPX headers + remove feature * Format * Validate hybrid signature from certs * oqs: use only dilithium feature * Remove minisign crate * Feature became stable * Add usb signing functions * Remove tauri plugin store * Add libs for signing device * Start modifying keysas-admin to locally sign usb devices * Fix overflowing serial number * Bump version to 0.2.0 * Bump version to 0.2.0 * Serial are now arrays of 20 bytes * Update deps + improve pki creation * Add USB device hybrid signing functionnality * Add delete keysas station function * Display the PKI information: - Add Serialize to CertificateField; - UX improvement. * Update home + improve UX * Add Revoke USB device * Add check for PKI password length * Rename few componants * Bump version * Check that country is < 2 chars long * Bump version * Improve UX * Improve HELP for adding a station * Rename componant AddForm into AddStation * Fox is_alive to be async * Update comments * Remove std features for oqs * Remove pretty format for digest computation * Windows: Initial commit for the driver * Added simple communication between driver and app * Windows: restructured project * Separation of the user space app in a daemon with admin level and GUI * Separation of the driver in smaller modules * Started the addition of context support in the driver * Improved the communication between the driver and the daemon * Improved context management * Implemented file validation by the user * Improved list of create call filtered * Started file validation * Run analysis on driver and initialized tray app * Continued file verification * Validated file reports * Added first window to tray app * Cleaned driver and service code * Update windows GUI * Fixed dalek version * Update keysas-lib dependencies versions * Renamed USB firewall folder * Fix function signatures + tests * BEGIN: Fixing frontend for reading reports * Fix bind_and_sign() tests and set the signature optional if keys are not found * Fix const paths bugs * handle ws upgrade * handle ws upgrade * Fix paths for PKI creation * Update some logs + stay async as much as possible * Fix GNU/Linux paths for key generation * Fix stations online status * UX: color update on homepage + remove useless method * Set some functions in async mode * Print some feedback to final user while creating a new PKI * Clear the password as soon as used * Downgrade time crate to match tauri pinning :( * Update deprecated method add to insert * Add tests file * Import mod tests * Add new empty arg to match signature * Add dev-dependencies + update yara * Downgrade logger crate to match tauri pinning :( * Change const paths for windows * Bump tungstenite crate * Tests fix (#25) * Fix bind_and_sign() tests and set the signature optional if keys are not found * Fix const paths bugs * handle ws upgrade * handle ws upgrade * Fix paths for PKI creation * Update some logs + stay async as much as possible * Fix GNU/Linux paths for key generation * Fix stations online status * UX: color update on homepage + remove useless method * Set some functions in async mode * Print some feedback to final user while creating a new PKI * Clear the password as soon as used * Downgrade time crate to match tauri pinning :( * Update deprecated method add to insert * Add tests file * Import mod tests * Add new empty arg to match signature * Add dev-dependencies + update yara * Downgrade logger crate to match tauri pinning :( * Change const paths for windows * Bump tungstenite crate * Bump criterion * Update windows pzaths and clean useless fn * cargo fmt * Add delete PKI functionnality * Handle errors when cannot parse signature * Install sudoers config for keysas-admin * Update install/uninstall scripts with sudoers config * Restart keysas instead of keysas-out (socket broken) * Remove useless import * remove old diode paths * Fix some clippy warnings * Update log message * Add base64 + bump some crates * Get the signature size and decode both signatures * Add some debug logs * Bump simple logger crate * Clean up useless fn * Fix: remove unwanted b64 decode * Handle bad password error in UX * Update installation process for Tauri * UX: add some verbosity for admin * Update readme * Remove std feature for Windows * Rename component to keysas * Update dependencies * Rename component to keysas in App * Start rewriting wizard-fr * Temporary removing rejected files * Update Help/Quick start procedure * Update id tag * Add const for paths and update ip parsing * Fix ipaddr for eth|enp style * Remove useless comment * Fix install/uninstall binaries * Fix install/uninstall binaries: restart clamd * Switch to Bookworm install * Fix install of sudo rules * Update rust.yml - Freeze toolchain for loopdev * Temporary patching devloop til the next release * Switch back to nightly toolchain * Update README with nightly toolchain installation * Bump ubuntu pkg to libyara9 * Removing workflow for now: Ubuntu kinetic not supported * Removing workflow for now: Ubuntu kinetic not supported * Error handling for new Dilithium5 signature * Bugfix in install * Update mode to dev * Update error msg for websocket * Better error handling * Add seccomp sandbox for keysas-in * Add seccomp sandbox for keysas-in into main * Add seccomp sandbox for keysas-transit * Cargo format * Add seccomp to keysas-out + fix anyhow::Result * Trying to avoid links * Catch active keyword for regex daemon status * First patch for aarch64 syscallz * Set unlink only for x86_64 * dup3 is called on aarch64 instead of dup2 * Add missing syscall for keysas-out * Add seccomp architectures supported * Allow forgetting reference * Move landlock functions into sandbox.rs * Fix clippy warnings * Fix more clippy warnings * Remove useless options * Ignore compiled documentation directory * WIP: update user documentation * WIP: update user documentation * WIP: update user documentation * WIP: update user documentation * WIP: update user documentation * WIP: update user documentation * WIP: update user documentation * WIP: update user documentation * WIP: update user documentation * Improve README clarity * Update documentation: fix typo * Hide load PKI as it is not implemented yet * Rm useless picture * Rm useless pictures * Updated Keysas logo * Updated logo in doc * Add resolver version 2 --------- Co-authored-by: lb-anssi <[email protected]> Co-authored-by: lb-anssi <[email protected]> * Added README to firewall folder * Added file context ID tracking - Added an ID per file based on the hash of the file path - Added exchange of ID between driver, daemon and tray app - Refactored code in daemon to separate control logic from interfaces * Added authorization change from tray app - Redefined API between minifilter, daemon and app * Added write operation filtering * Added file authorization toggle in app * Added CA certificate use in daemon * USBFilter added PNP processing and device ID query * Added documentation and corrected typos --------- Co-authored-by: r3dlight <[email protected]> * Update url * Fix some typo + styling * Bump version to 2.1 * Specifying the support for Debian 12 only * Added contribution guidelines * Remove useless files * Fix landlock path for yara rules * Be more verbose about Landlock yara path * Update dependencies + set production mode * Bump version to 2.1 * Start implementing PKI restoration * Bump packages version * Check root certificates and station certificate signatures * Check root certificates and station certificate signatures * Bump ed25519-dalek to 2.x series * Fix some rustc + clippy warnings * Update lints for private_in_public changes * Bump keysas-admin dependencies * Bump keysas-backend dependencies * Bump nix crate * Bump global Keysas version * Bump ssh-rs to latest version * Fix timeout duration + Bump ed25519 version * Rename keysas-udev to keysas-io * Force ssh-rs version to prevent fallback to 0.3.2 * Temporary patch ed25519-dalek for signature crate conflict * Bump ed25519-dalek to v2 * Add current user to plugdev group * Bump yara crate * Bump tempfile and flexi_logger * House keeping: remove comments * Remove useless crate * Bump yubico-manager with custom updated version * Fix udev configuration related documentation * Add keysas user creation/deletion when not using pre-built Debian image * Fix udev configuration related documentation * Remove prehashed to verify signatures * Bugfix: use ca to verify signatures + force strict verification * Force strict signature verification * Remove prehashed to verify signatures * Remove prehashed to verify signatures + use strict signature verifications * Add test_save_and_load_hybrid_signature test * Bugfix: use ca to verify signatures for Dilithium * Cleaning up println * Add application verification test for Dilithium * Remove false comment in fn * Bump tempfile crate * Update check_restore_pki signature + async * Be more verbose while verifying signatures * Add check_restore_pki fonction * Add more comments forfunction cjeck_restore_pki * Bump npm dependencies * Bump dependencies * Add uded rule + group instructions * Bump ssh-rs * Bump npm dependencies + show keysas reports * Fix typos in readme * Add source env for rustup * Fix private_bounds pragma * Fix home install for keysas * Remove private-interface pragma * Fix ascii art * Update wizard fr * Fix typo in wizard fr * Bump version to 2.2 --------- Co-authored-by: lb-anssi <[email protected]> Co-authored-by: lb-anssi <[email protected]>
r3dlight
added a commit
that referenced
this pull request
Sep 28, 2023
* Improved cert generation from csr * Documentation addition * Propagated API change to admin * X509: PKI code refactoring (clippy, doc) PKI refactoring Clippy improvements * Addition of hybrid keypair loading * Passed cargo fmt * X509: Fix Github CI workflow Update rust.yml (#18) Fixed github workflow Github CI: added libsoup Github CI: changed libsoup version Github worflow: fixed typo in dependencies Github workflow: added javascript dependency Github workflow: added webkit dependency * X509: fix keysas-out use of PKI * Enrolment: Generate private keys on the station * Rework of private key generation in keysas-sign to use the utility functions in the PKI crate. * Added oqs initialisation to all function in PKI crate * Cleanup cargo manifest in keysas-sign * Enrolment: Added certificate saving to keysas-sign * Fixe of save function in keysas-sign * WIP - Addition of certificate validation in PKI * Keysas-admin: added station enrolment * Implementation of station enrolment in admin * Fix generate signing keys in station * Fix Rdn generation * General code cleanup * Addition of tauri dist directory * File signing: keysas-sign code cleanup and doc * File signing: added tests and doc * Cleaning up the code * Add SDPX headers + remove feature * Format * Validate hybrid signature from certs * oqs: use only dilithium feature * Remove minisign crate * Feature became stable * Add usb signing functions * Remove tauri plugin store * Add libs for signing device * Start modifying keysas-admin to locally sign usb devices * Fix overflowing serial number * Bump version to 0.2.0 * Bump version to 0.2.0 * Serial are now arrays of 20 bytes * Update deps + improve pki creation * Add USB device hybrid signing functionnality * Add delete keysas station function * Display the PKI information: - Add Serialize to CertificateField; - UX improvement. * Update home + improve UX * Add Revoke USB device * Add check for PKI password length * Rename few componants * Bump version * Check that country is < 2 chars long * Bump version * Improve UX * Improve HELP for adding a station * Rename componant AddForm into AddStation * Fox is_alive to be async * Update comments * Remove std features for oqs * Remove pretty format for digest computation * Windows: Initial commit for the driver * Added simple communication between driver and app * Windows: restructured project * Separation of the user space app in a daemon with admin level and GUI * Separation of the driver in smaller modules * Started the addition of context support in the driver * Improved the communication between the driver and the daemon * Improved context management * Implemented file validation by the user * Improved list of create call filtered * Started file validation * Run analysis on driver and initialized tray app * Continued file verification * Validated file reports * Added first window to tray app * Cleaned driver and service code * Update windows GUI * Fixed dalek version * Update keysas-lib dependencies versions * Renamed USB firewall folder * Fix function signatures + tests * BEGIN: Fixing frontend for reading reports * Fix bind_and_sign() tests and set the signature optional if keys are not found * Fix const paths bugs * handle ws upgrade * handle ws upgrade * Fix paths for PKI creation * Update some logs + stay async as much as possible * Fix GNU/Linux paths for key generation * Fix stations online status * UX: color update on homepage + remove useless method * Set some functions in async mode * Print some feedback to final user while creating a new PKI * Clear the password as soon as used * Downgrade time crate to match tauri pinning :( * Update deprecated method add to insert * Add tests file * Import mod tests * Add new empty arg to match signature * Add dev-dependencies + update yara * Downgrade logger crate to match tauri pinning :( * Change const paths for windows * Bump tungstenite crate * Tests fix (#25) * Fix bind_and_sign() tests and set the signature optional if keys are not found * Fix const paths bugs * handle ws upgrade * handle ws upgrade * Fix paths for PKI creation * Update some logs + stay async as much as possible * Fix GNU/Linux paths for key generation * Fix stations online status * UX: color update on homepage + remove useless method * Set some functions in async mode * Print some feedback to final user while creating a new PKI * Clear the password as soon as used * Downgrade time crate to match tauri pinning :( * Update deprecated method add to insert * Add tests file * Import mod tests * Add new empty arg to match signature * Add dev-dependencies + update yara * Downgrade logger crate to match tauri pinning :( * Change const paths for windows * Bump tungstenite crate * Bump criterion * Update windows pzaths and clean useless fn * cargo fmt * Add delete PKI functionnality * Handle errors when cannot parse signature * Install sudoers config for keysas-admin * Update install/uninstall scripts with sudoers config * Restart keysas instead of keysas-out (socket broken) * Remove useless import * remove old diode paths * Fix some clippy warnings * Update log message * Add base64 + bump some crates * Get the signature size and decode both signatures * Add some debug logs * Bump simple logger crate * Clean up useless fn * Fix: remove unwanted b64 decode * Handle bad password error in UX * Update installation process for Tauri * UX: add some verbosity for admin * Update readme * Remove std feature for Windows * Rename component to keysas * Update dependencies * Rename component to keysas in App * Start rewriting wizard-fr * Temporary removing rejected files * Update Help/Quick start procedure * Update id tag * Add const for paths and update ip parsing * Fix ipaddr for eth|enp style * Remove useless comment * Fix install/uninstall binaries * Fix install/uninstall binaries: restart clamd * Switch to Bookworm install * Fix install of sudo rules * Update rust.yml - Freeze toolchain for loopdev * Temporary patching devloop til the next release * Switch back to nightly toolchain * Update README with nightly toolchain installation * Bump ubuntu pkg to libyara9 * Removing workflow for now: Ubuntu kinetic not supported * Removing workflow for now: Ubuntu kinetic not supported * Error handling for new Dilithium5 signature * Bugfix in install * Update mode to dev * Update error msg for websocket * Better error handling * Add seccomp sandbox for keysas-in * Add seccomp sandbox for keysas-in into main * Add seccomp sandbox for keysas-transit * Cargo format * Add seccomp to keysas-out + fix anyhow::Result * Trying to avoid links * Catch active keyword for regex daemon status * First patch for aarch64 syscallz * Set unlink only for x86_64 * dup3 is called on aarch64 instead of dup2 * Add missing syscall for keysas-out * Add seccomp architectures supported * Allow forgetting reference * Move landlock functions into sandbox.rs * Fix clippy warnings * Fix more clippy warnings * Remove useless options * Ignore compiled documentation directory * WIP: update user documentation * WIP: update user documentation * WIP: update user documentation * WIP: update user documentation * WIP: update user documentation * WIP: update user documentation * WIP: update user documentation * WIP: update user documentation * WIP: update user documentation * Improve README clarity * Update documentation: fix typo * Hide load PKI as it is not implemented yet * Rm useless picture * Rm useless pictures * Updated Keysas logo * Updated logo in doc * Add resolver version 2 * Remove old bindmount for unexistant home directory * Dev windows firewall (#36) * Rebase windows branch on Develop * Addition of library for IPC * Addition of driver for USB device filtering * Fixed mailslot from HMI to daemon * Release v2.0 (#32) * Improved cert generation from csr * Documentation addition * Propagated API change to admin * X509: PKI code refactoring (clippy, doc) PKI refactoring Clippy improvements * Addition of hybrid keypair loading * Passed cargo fmt * X509: Fix Github CI workflow Update rust.yml (#18) Fixed github workflow Github CI: added libsoup Github CI: changed libsoup version Github worflow: fixed typo in dependencies Github workflow: added javascript dependency Github workflow: added webkit dependency * X509: fix keysas-out use of PKI * Enrolment: Generate private keys on the station * Rework of private key generation in keysas-sign to use the utility functions in the PKI crate. * Added oqs initialisation to all function in PKI crate * Cleanup cargo manifest in keysas-sign * Enrolment: Added certificate saving to keysas-sign * Fixe of save function in keysas-sign * WIP - Addition of certificate validation in PKI * Keysas-admin: added station enrolment * Implementation of station enrolment in admin * Fix generate signing keys in station * Fix Rdn generation * General code cleanup * Addition of tauri dist directory * File signing: keysas-sign code cleanup and doc * File signing: added tests and doc * Cleaning up the code * Add SDPX headers + remove feature * Format * Validate hybrid signature from certs * oqs: use only dilithium feature * Remove minisign crate * Feature became stable * Add usb signing functions * Remove tauri plugin store * Add libs for signing device * Start modifying keysas-admin to locally sign usb devices * Fix overflowing serial number * Bump version to 0.2.0 * Bump version to 0.2.0 * Serial are now arrays of 20 bytes * Update deps + improve pki creation * Add USB device hybrid signing functionnality * Add delete keysas station function * Display the PKI information: - Add Serialize to CertificateField; - UX improvement. * Update home + improve UX * Add Revoke USB device * Add check for PKI password length * Rename few componants * Bump version * Check that country is < 2 chars long * Bump version * Improve UX * Improve HELP for adding a station * Rename componant AddForm into AddStation * Fox is_alive to be async * Update comments * Remove std features for oqs * Remove pretty format for digest computation * Windows: Initial commit for the driver * Added simple communication between driver and app * Windows: restructured project * Separation of the user space app in a daemon with admin level and GUI * Separation of the driver in smaller modules * Started the addition of context support in the driver * Improved the communication between the driver and the daemon * Improved context management * Implemented file validation by the user * Improved list of create call filtered * Started file validation * Run analysis on driver and initialized tray app * Continued file verification * Validated file reports * Added first window to tray app * Cleaned driver and service code * Update windows GUI * Fixed dalek version * Update keysas-lib dependencies versions * Renamed USB firewall folder * Fix function signatures + tests * BEGIN: Fixing frontend for reading reports * Fix bind_and_sign() tests and set the signature optional if keys are not found * Fix const paths bugs * handle ws upgrade * handle ws upgrade * Fix paths for PKI creation * Update some logs + stay async as much as possible * Fix GNU/Linux paths for key generation * Fix stations online status * UX: color update on homepage + remove useless method * Set some functions in async mode * Print some feedback to final user while creating a new PKI * Clear the password as soon as used * Downgrade time crate to match tauri pinning :( * Update deprecated method add to insert * Add tests file * Import mod tests * Add new empty arg to match signature * Add dev-dependencies + update yara * Downgrade logger crate to match tauri pinning :( * Change const paths for windows * Bump tungstenite crate * Tests fix (#25) * Fix bind_and_sign() tests and set the signature optional if keys are not found * Fix const paths bugs * handle ws upgrade * handle ws upgrade * Fix paths for PKI creation * Update some logs + stay async as much as possible * Fix GNU/Linux paths for key generation * Fix stations online status * UX: color update on homepage + remove useless method * Set some functions in async mode * Print some feedback to final user while creating a new PKI * Clear the password as soon as used * Downgrade time crate to match tauri pinning :( * Update deprecated method add to insert * Add tests file * Import mod tests * Add new empty arg to match signature * Add dev-dependencies + update yara * Downgrade logger crate to match tauri pinning :( * Change const paths for windows * Bump tungstenite crate * Bump criterion * Update windows pzaths and clean useless fn * cargo fmt * Add delete PKI functionnality * Handle errors when cannot parse signature * Install sudoers config for keysas-admin * Update install/uninstall scripts with sudoers config * Restart keysas instead of keysas-out (socket broken) * Remove useless import * remove old diode paths * Fix some clippy warnings * Update log message * Add base64 + bump some crates * Get the signature size and decode both signatures * Add some debug logs * Bump simple logger crate * Clean up useless fn * Fix: remove unwanted b64 decode * Handle bad password error in UX * Update installation process for Tauri * UX: add some verbosity for admin * Update readme * Remove std feature for Windows * Rename component to keysas * Update dependencies * Rename component to keysas in App * Start rewriting wizard-fr * Temporary removing rejected files * Update Help/Quick start procedure * Update id tag * Add const for paths and update ip parsing * Fix ipaddr for eth|enp style * Remove useless comment * Fix install/uninstall binaries * Fix install/uninstall binaries: restart clamd * Switch to Bookworm install * Fix install of sudo rules * Update rust.yml - Freeze toolchain for loopdev * Temporary patching devloop til the next release * Switch back to nightly toolchain * Update README with nightly toolchain installation * Bump ubuntu pkg to libyara9 * Removing workflow for now: Ubuntu kinetic not supported * Removing workflow for now: Ubuntu kinetic not supported * Error handling for new Dilithium5 signature * Bugfix in install * Update mode to dev * Update error msg for websocket * Better error handling * Add seccomp sandbox for keysas-in * Add seccomp sandbox for keysas-in into main * Add seccomp sandbox for keysas-transit * Cargo format * Add seccomp to keysas-out + fix anyhow::Result * Trying to avoid links * Catch active keyword for regex daemon status * First patch for aarch64 syscallz * Set unlink only for x86_64 * dup3 is called on aarch64 instead of dup2 * Add missing syscall for keysas-out * Add seccomp architectures supported * Allow forgetting reference * Move landlock functions into sandbox.rs * Fix clippy warnings * Fix more clippy warnings * Remove useless options * Ignore compiled documentation directory * WIP: update user documentation * WIP: update user documentation * WIP: update user documentation * WIP: update user documentation * WIP: update user documentation * WIP: update user documentation * WIP: update user documentation * WIP: update user documentation * WIP: update user documentation * Improve README clarity * Update documentation: fix typo * Hide load PKI as it is not implemented yet * Rm useless picture * Rm useless pictures * Updated Keysas logo * Updated logo in doc --------- Co-authored-by: lb-anssi <[email protected]> Co-authored-by: lb-anssi <[email protected]> * Force resolver (#33) * Improved cert generation from csr * Documentation addition * Propagated API change to admin * X509: PKI code refactoring (clippy, doc) PKI refactoring Clippy improvements * Addition of hybrid keypair loading * Passed cargo fmt * X509: Fix Github CI workflow Update rust.yml (#18) Fixed github workflow Github CI: added libsoup Github CI: changed libsoup version Github worflow: fixed typo in dependencies Github workflow: added javascript dependency Github workflow: added webkit dependency * X509: fix keysas-out use of PKI * Enrolment: Generate private keys on the station * Rework of private key generation in keysas-sign to use the utility functions in the PKI crate. * Added oqs initialisation to all function in PKI crate * Cleanup cargo manifest in keysas-sign * Enrolment: Added certificate saving to keysas-sign * Fixe of save function in keysas-sign * WIP - Addition of certificate validation in PKI * Keysas-admin: added station enrolment * Implementation of station enrolment in admin * Fix generate signing keys in station * Fix Rdn generation * General code cleanup * Addition of tauri dist directory * File signing: keysas-sign code cleanup and doc * File signing: added tests and doc * Cleaning up the code * Add SDPX headers + remove feature * Format * Validate hybrid signature from certs * oqs: use only dilithium feature * Remove minisign crate * Feature became stable * Add usb signing functions * Remove tauri plugin store * Add libs for signing device * Start modifying keysas-admin to locally sign usb devices * Fix overflowing serial number * Bump version to 0.2.0 * Bump version to 0.2.0 * Serial are now arrays of 20 bytes * Update deps + improve pki creation * Add USB device hybrid signing functionnality * Add delete keysas station function * Display the PKI information: - Add Serialize to CertificateField; - UX improvement. * Update home + improve UX * Add Revoke USB device * Add check for PKI password length * Rename few componants * Bump version * Check that country is < 2 chars long * Bump version * Improve UX * Improve HELP for adding a station * Rename componant AddForm into AddStation * Fox is_alive to be async * Update comments * Remove std features for oqs * Remove pretty format for digest computation * Windows: Initial commit for the driver * Added simple communication between driver and app * Windows: restructured project * Separation of the user space app in a daemon with admin level and GUI * Separation of the driver in smaller modules * Started the addition of context support in the driver * Improved the communication between the driver and the daemon * Improved context management * Implemented file validation by the user * Improved list of create call filtered * Started file validation * Run analysis on driver and initialized tray app * Continued file verification * Validated file reports * Added first window to tray app * Cleaned driver and service code * Update windows GUI * Fixed dalek version * Update keysas-lib dependencies versions * Renamed USB firewall folder * Fix function signatures + tests * BEGIN: Fixing frontend for reading reports * Fix bind_and_sign() tests and set the signature optional if keys are not found * Fix const paths bugs * handle ws upgrade * handle ws upgrade * Fix paths for PKI creation * Update some logs + stay async as much as possible * Fix GNU/Linux paths for key generation * Fix stations online status * UX: color update on homepage + remove useless method * Set some functions in async mode * Print some feedback to final user while creating a new PKI * Clear the password as soon as used * Downgrade time crate to match tauri pinning :( * Update deprecated method add to insert * Add tests file * Import mod tests * Add new empty arg to match signature * Add dev-dependencies + update yara * Downgrade logger crate to match tauri pinning :( * Change const paths for windows * Bump tungstenite crate * Tests fix (#25) * Fix bind_and_sign() tests and set the signature optional if keys are not found * Fix const paths bugs * handle ws upgrade * handle ws upgrade * Fix paths for PKI creation * Update some logs + stay async as much as possible * Fix GNU/Linux paths for key generation * Fix stations online status * UX: color update on homepage + remove useless method * Set some functions in async mode * Print some feedback to final user while creating a new PKI * Clear the password as soon as used * Downgrade time crate to match tauri pinning :( * Update deprecated method add to insert * Add tests file * Import mod tests * Add new empty arg to match signature * Add dev-dependencies + update yara * Downgrade logger crate to match tauri pinning :( * Change const paths for windows * Bump tungstenite crate * Bump criterion * Update windows pzaths and clean useless fn * cargo fmt * Add delete PKI functionnality * Handle errors when cannot parse signature * Install sudoers config for keysas-admin * Update install/uninstall scripts with sudoers config * Restart keysas instead of keysas-out (socket broken) * Remove useless import * remove old diode paths * Fix some clippy warnings * Update log message * Add base64 + bump some crates * Get the signature size and decode both signatures * Add some debug logs * Bump simple logger crate * Clean up useless fn * Fix: remove unwanted b64 decode * Handle bad password error in UX * Update installation process for Tauri * UX: add some verbosity for admin * Update readme * Remove std feature for Windows * Rename component to keysas * Update dependencies * Rename component to keysas in App * Start rewriting wizard-fr * Temporary removing rejected files * Update Help/Quick start procedure * Update id tag * Add const for paths and update ip parsing * Fix ipaddr for eth|enp style * Remove useless comment * Fix install/uninstall binaries * Fix install/uninstall binaries: restart clamd * Switch to Bookworm install * Fix install of sudo rules * Update rust.yml - Freeze toolchain for loopdev * Temporary patching devloop til the next release * Switch back to nightly toolchain * Update README with nightly toolchain installation * Bump ubuntu pkg to libyara9 * Removing workflow for now: Ubuntu kinetic not supported * Removing workflow for now: Ubuntu kinetic not supported * Error handling for new Dilithium5 signature * Bugfix in install * Update mode to dev * Update error msg for websocket * Better error handling * Add seccomp sandbox for keysas-in * Add seccomp sandbox for keysas-in into main * Add seccomp sandbox for keysas-transit * Cargo format * Add seccomp to keysas-out + fix anyhow::Result * Trying to avoid links * Catch active keyword for regex daemon status * First patch for aarch64 syscallz * Set unlink only for x86_64 * dup3 is called on aarch64 instead of dup2 * Add missing syscall for keysas-out * Add seccomp architectures supported * Allow forgetting reference * Move landlock functions into sandbox.rs * Fix clippy warnings * Fix more clippy warnings * Remove useless options * Ignore compiled documentation directory * WIP: update user documentation * WIP: update user documentation * WIP: update user documentation * WIP: update user documentation * WIP: update user documentation * WIP: update user documentation * WIP: update user documentation * WIP: update user documentation * WIP: update user documentation * Improve README clarity * Update documentation: fix typo * Hide load PKI as it is not implemented yet * Rm useless picture * Rm useless pictures * Updated Keysas logo * Updated logo in doc * Add resolver version 2 --------- Co-authored-by: lb-anssi <[email protected]> Co-authored-by: lb-anssi <[email protected]> * Added README to firewall folder * Added file context ID tracking - Added an ID per file based on the hash of the file path - Added exchange of ID between driver, daemon and tray app - Refactored code in daemon to separate control logic from interfaces * Added authorization change from tray app - Redefined API between minifilter, daemon and app * Added write operation filtering * Added file authorization toggle in app * Added CA certificate use in daemon * USBFilter added PNP processing and device ID query * Added documentation and corrected typos --------- Co-authored-by: r3dlight <[email protected]> * Update url * Fix some typo + styling * Bump version to 2.1 * Specifying the support for Debian 12 only * Added contribution guidelines * Remove useless files * Fix landlock path for yara rules * Be more verbose about Landlock yara path * Update dependencies + set production mode * Bump version to 2.1 * Start implementing PKI restoration * Bump packages version * Check root certificates and station certificate signatures * Check root certificates and station certificate signatures * Bump ed25519-dalek to 2.x series * Fix some rustc + clippy warnings * Update lints for private_in_public changes * Bump keysas-admin dependencies * Bump keysas-backend dependencies * Bump nix crate * Bump global Keysas version * Bump ssh-rs to latest version * Fix timeout duration + Bump ed25519 version * Rename keysas-udev to keysas-io * Force ssh-rs version to prevent fallback to 0.3.2 * Temporary patch ed25519-dalek for signature crate conflict * Bump ed25519-dalek to v2 * Add current user to plugdev group * Bump yara crate * Bump tempfile and flexi_logger * House keeping: remove comments * Remove useless crate * Bump yubico-manager with custom updated version * Fix udev configuration related documentation * Add keysas user creation/deletion when not using pre-built Debian image * Fix udev configuration related documentation * Remove prehashed to verify signatures * Bugfix: use ca to verify signatures + force strict verification * Force strict signature verification * Remove prehashed to verify signatures * Remove prehashed to verify signatures + use strict signature verifications * Add test_save_and_load_hybrid_signature test * Bugfix: use ca to verify signatures for Dilithium * Cleaning up println * Add application verification test for Dilithium * Remove false comment in fn * Bump tempfile crate * Update check_restore_pki signature + async * Be more verbose while verifying signatures * Add check_restore_pki fonction * Add more comments forfunction cjeck_restore_pki * Bump npm dependencies * Bump dependencies * Add uded rule + group instructions * Bump ssh-rs * Bump npm dependencies + show keysas reports * Fix typos in readme * Add source env for rustup * Fix private_bounds pragma * Fix home install for keysas * Remove private-interface pragma * Fix ascii art * Update wizard fr * Fix typo in wizard fr * Bump version to 2.2 * Add clock_gettime syscall --------- Co-authored-by: lb-anssi <[email protected]> Co-authored-by: lb-anssi <[email protected]>
r3dlight
added a commit
that referenced
this pull request
Oct 2, 2023
* Improved cert generation from csr * Documentation addition * Propagated API change to admin * X509: PKI code refactoring (clippy, doc) PKI refactoring Clippy improvements * Addition of hybrid keypair loading * Passed cargo fmt * X509: Fix Github CI workflow Update rust.yml (#18) Fixed github workflow Github CI: added libsoup Github CI: changed libsoup version Github worflow: fixed typo in dependencies Github workflow: added javascript dependency Github workflow: added webkit dependency * X509: fix keysas-out use of PKI * Enrolment: Generate private keys on the station * Rework of private key generation in keysas-sign to use the utility functions in the PKI crate. * Added oqs initialisation to all function in PKI crate * Cleanup cargo manifest in keysas-sign * Enrolment: Added certificate saving to keysas-sign * Fixe of save function in keysas-sign * WIP - Addition of certificate validation in PKI * Keysas-admin: added station enrolment * Implementation of station enrolment in admin * Fix generate signing keys in station * Fix Rdn generation * General code cleanup * Addition of tauri dist directory * File signing: keysas-sign code cleanup and doc * File signing: added tests and doc * Cleaning up the code * Add SDPX headers + remove feature * Format * Validate hybrid signature from certs * oqs: use only dilithium feature * Remove minisign crate * Feature became stable * Add usb signing functions * Remove tauri plugin store * Add libs for signing device * Start modifying keysas-admin to locally sign usb devices * Fix overflowing serial number * Bump version to 0.2.0 * Bump version to 0.2.0 * Serial are now arrays of 20 bytes * Update deps + improve pki creation * Add USB device hybrid signing functionnality * Add delete keysas station function * Display the PKI information: - Add Serialize to CertificateField; - UX improvement. * Update home + improve UX * Add Revoke USB device * Add check for PKI password length * Rename few componants * Bump version * Check that country is < 2 chars long * Bump version * Improve UX * Improve HELP for adding a station * Rename componant AddForm into AddStation * Fox is_alive to be async * Update comments * Remove std features for oqs * Remove pretty format for digest computation * Windows: Initial commit for the driver * Added simple communication between driver and app * Windows: restructured project * Separation of the user space app in a daemon with admin level and GUI * Separation of the driver in smaller modules * Started the addition of context support in the driver * Improved the communication between the driver and the daemon * Improved context management * Implemented file validation by the user * Improved list of create call filtered * Started file validation * Run analysis on driver and initialized tray app * Continued file verification * Validated file reports * Added first window to tray app * Cleaned driver and service code * Update windows GUI * Fixed dalek version * Update keysas-lib dependencies versions * Renamed USB firewall folder * Fix function signatures + tests * BEGIN: Fixing frontend for reading reports * Fix bind_and_sign() tests and set the signature optional if keys are not found * Fix const paths bugs * handle ws upgrade * handle ws upgrade * Fix paths for PKI creation * Update some logs + stay async as much as possible * Fix GNU/Linux paths for key generation * Fix stations online status * UX: color update on homepage + remove useless method * Set some functions in async mode * Print some feedback to final user while creating a new PKI * Clear the password as soon as used * Downgrade time crate to match tauri pinning :( * Update deprecated method add to insert * Add tests file * Import mod tests * Add new empty arg to match signature * Add dev-dependencies + update yara * Downgrade logger crate to match tauri pinning :( * Change const paths for windows * Bump tungstenite crate * Tests fix (#25) * Fix bind_and_sign() tests and set the signature optional if keys are not found * Fix const paths bugs * handle ws upgrade * handle ws upgrade * Fix paths for PKI creation * Update some logs + stay async as much as possible * Fix GNU/Linux paths for key generation * Fix stations online status * UX: color update on homepage + remove useless method * Set some functions in async mode * Print some feedback to final user while creating a new PKI * Clear the password as soon as used * Downgrade time crate to match tauri pinning :( * Update deprecated method add to insert * Add tests file * Import mod tests * Add new empty arg to match signature * Add dev-dependencies + update yara * Downgrade logger crate to match tauri pinning :( * Change const paths for windows * Bump tungstenite crate * Bump criterion * Update windows pzaths and clean useless fn * cargo fmt * Add delete PKI functionnality * Handle errors when cannot parse signature * Install sudoers config for keysas-admin * Update install/uninstall scripts with sudoers config * Restart keysas instead of keysas-out (socket broken) * Remove useless import * remove old diode paths * Fix some clippy warnings * Update log message * Add base64 + bump some crates * Get the signature size and decode both signatures * Add some debug logs * Bump simple logger crate * Clean up useless fn * Fix: remove unwanted b64 decode * Handle bad password error in UX * Update installation process for Tauri * UX: add some verbosity for admin * Update readme * Remove std feature for Windows * Rename component to keysas * Update dependencies * Rename component to keysas in App * Start rewriting wizard-fr * Temporary removing rejected files * Update Help/Quick start procedure * Update id tag * Add const for paths and update ip parsing * Fix ipaddr for eth|enp style * Remove useless comment * Fix install/uninstall binaries * Fix install/uninstall binaries: restart clamd * Switch to Bookworm install * Fix install of sudo rules * Update rust.yml - Freeze toolchain for loopdev * Temporary patching devloop til the next release * Switch back to nightly toolchain * Update README with nightly toolchain installation * Bump ubuntu pkg to libyara9 * Removing workflow for now: Ubuntu kinetic not supported * Removing workflow for now: Ubuntu kinetic not supported * Error handling for new Dilithium5 signature * Bugfix in install * Update mode to dev * Update error msg for websocket * Better error handling * Add seccomp sandbox for keysas-in * Add seccomp sandbox for keysas-in into main * Add seccomp sandbox for keysas-transit * Cargo format * Add seccomp to keysas-out + fix anyhow::Result * Trying to avoid links * Catch active keyword for regex daemon status * First patch for aarch64 syscallz * Set unlink only for x86_64 * dup3 is called on aarch64 instead of dup2 * Add missing syscall for keysas-out * Add seccomp architectures supported * Allow forgetting reference * Move landlock functions into sandbox.rs * Fix clippy warnings * Fix more clippy warnings * Remove useless options * Ignore compiled documentation directory * WIP: update user documentation * WIP: update user documentation * WIP: update user documentation * WIP: update user documentation * WIP: update user documentation * WIP: update user documentation * WIP: update user documentation * WIP: update user documentation * WIP: update user documentation * Improve README clarity * Update documentation: fix typo * Hide load PKI as it is not implemented yet * Rm useless picture * Rm useless pictures * Updated Keysas logo * Updated logo in doc * Add resolver version 2 * Remove old bindmount for unexistant home directory * Dev windows firewall (#36) * Rebase windows branch on Develop * Addition of library for IPC * Addition of driver for USB device filtering * Fixed mailslot from HMI to daemon * Release v2.0 (#32) * Improved cert generation from csr * Documentation addition * Propagated API change to admin * X509: PKI code refactoring (clippy, doc) PKI refactoring Clippy improvements * Addition of hybrid keypair loading * Passed cargo fmt * X509: Fix Github CI workflow Update rust.yml (#18) Fixed github workflow Github CI: added libsoup Github CI: changed libsoup version Github worflow: fixed typo in dependencies Github workflow: added javascript dependency Github workflow: added webkit dependency * X509: fix keysas-out use of PKI * Enrolment: Generate private keys on the station * Rework of private key generation in keysas-sign to use the utility functions in the PKI crate. * Added oqs initialisation to all function in PKI crate * Cleanup cargo manifest in keysas-sign * Enrolment: Added certificate saving to keysas-sign * Fixe of save function in keysas-sign * WIP - Addition of certificate validation in PKI * Keysas-admin: added station enrolment * Implementation of station enrolment in admin * Fix generate signing keys in station * Fix Rdn generation * General code cleanup * Addition of tauri dist directory * File signing: keysas-sign code cleanup and doc * File signing: added tests and doc * Cleaning up the code * Add SDPX headers + remove feature * Format * Validate hybrid signature from certs * oqs: use only dilithium feature * Remove minisign crate * Feature became stable * Add usb signing functions * Remove tauri plugin store * Add libs for signing device * Start modifying keysas-admin to locally sign usb devices * Fix overflowing serial number * Bump version to 0.2.0 * Bump version to 0.2.0 * Serial are now arrays of 20 bytes * Update deps + improve pki creation * Add USB device hybrid signing functionnality * Add delete keysas station function * Display the PKI information: - Add Serialize to CertificateField; - UX improvement. * Update home + improve UX * Add Revoke USB device * Add check for PKI password length * Rename few componants * Bump version * Check that country is < 2 chars long * Bump version * Improve UX * Improve HELP for adding a station * Rename componant AddForm into AddStation * Fox is_alive to be async * Update comments * Remove std features for oqs * Remove pretty format for digest computation * Windows: Initial commit for the driver * Added simple communication between driver and app * Windows: restructured project * Separation of the user space app in a daemon with admin level and GUI * Separation of the driver in smaller modules * Started the addition of context support in the driver * Improved the communication between the driver and the daemon * Improved context management * Implemented file validation by the user * Improved list of create call filtered * Started file validation * Run analysis on driver and initialized tray app * Continued file verification * Validated file reports * Added first window to tray app * Cleaned driver and service code * Update windows GUI * Fixed dalek version * Update keysas-lib dependencies versions * Renamed USB firewall folder * Fix function signatures + tests * BEGIN: Fixing frontend for reading reports * Fix bind_and_sign() tests and set the signature optional if keys are not found * Fix const paths bugs * handle ws upgrade * handle ws upgrade * Fix paths for PKI creation * Update some logs + stay async as much as possible * Fix GNU/Linux paths for key generation * Fix stations online status * UX: color update on homepage + remove useless method * Set some functions in async mode * Print some feedback to final user while creating a new PKI * Clear the password as soon as used * Downgrade time crate to match tauri pinning :( * Update deprecated method add to insert * Add tests file * Import mod tests * Add new empty arg to match signature * Add dev-dependencies + update yara * Downgrade logger crate to match tauri pinning :( * Change const paths for windows * Bump tungstenite crate * Tests fix (#25) * Fix bind_and_sign() tests and set the signature optional if keys are not found * Fix const paths bugs * handle ws upgrade * handle ws upgrade * Fix paths for PKI creation * Update some logs + stay async as much as possible * Fix GNU/Linux paths for key generation * Fix stations online status * UX: color update on homepage + remove useless method * Set some functions in async mode * Print some feedback to final user while creating a new PKI * Clear the password as soon as used * Downgrade time crate to match tauri pinning :( * Update deprecated method add to insert * Add tests file * Import mod tests * Add new empty arg to match signature * Add dev-dependencies + update yara * Downgrade logger crate to match tauri pinning :( * Change const paths for windows * Bump tungstenite crate * Bump criterion * Update windows pzaths and clean useless fn * cargo fmt * Add delete PKI functionnality * Handle errors when cannot parse signature * Install sudoers config for keysas-admin * Update install/uninstall scripts with sudoers config * Restart keysas instead of keysas-out (socket broken) * Remove useless import * remove old diode paths * Fix some clippy warnings * Update log message * Add base64 + bump some crates * Get the signature size and decode both signatures * Add some debug logs * Bump simple logger crate * Clean up useless fn * Fix: remove unwanted b64 decode * Handle bad password error in UX * Update installation process for Tauri * UX: add some verbosity for admin * Update readme * Remove std feature for Windows * Rename component to keysas * Update dependencies * Rename component to keysas in App * Start rewriting wizard-fr * Temporary removing rejected files * Update Help/Quick start procedure * Update id tag * Add const for paths and update ip parsing * Fix ipaddr for eth|enp style * Remove useless comment * Fix install/uninstall binaries * Fix install/uninstall binaries: restart clamd * Switch to Bookworm install * Fix install of sudo rules * Update rust.yml - Freeze toolchain for loopdev * Temporary patching devloop til the next release * Switch back to nightly toolchain * Update README with nightly toolchain installation * Bump ubuntu pkg to libyara9 * Removing workflow for now: Ubuntu kinetic not supported * Removing workflow for now: Ubuntu kinetic not supported * Error handling for new Dilithium5 signature * Bugfix in install * Update mode to dev * Update error msg for websocket * Better error handling * Add seccomp sandbox for keysas-in * Add seccomp sandbox for keysas-in into main * Add seccomp sandbox for keysas-transit * Cargo format * Add seccomp to keysas-out + fix anyhow::Result * Trying to avoid links * Catch active keyword for regex daemon status * First patch for aarch64 syscallz * Set unlink only for x86_64 * dup3 is called on aarch64 instead of dup2 * Add missing syscall for keysas-out * Add seccomp architectures supported * Allow forgetting reference * Move landlock functions into sandbox.rs * Fix clippy warnings * Fix more clippy warnings * Remove useless options * Ignore compiled documentation directory * WIP: update user documentation * WIP: update user documentation * WIP: update user documentation * WIP: update user documentation * WIP: update user documentation * WIP: update user documentation * WIP: update user documentation * WIP: update user documentation * WIP: update user documentation * Improve README clarity * Update documentation: fix typo * Hide load PKI as it is not implemented yet * Rm useless picture * Rm useless pictures * Updated Keysas logo * Updated logo in doc --------- Co-authored-by: lb-anssi <[email protected]> Co-authored-by: lb-anssi <[email protected]> * Force resolver (#33) * Improved cert generation from csr * Documentation addition * Propagated API change to admin * X509: PKI code refactoring (clippy, doc) PKI refactoring Clippy improvements * Addition of hybrid keypair loading * Passed cargo fmt * X509: Fix Github CI workflow Update rust.yml (#18) Fixed github workflow Github CI: added libsoup Github CI: changed libsoup version Github worflow: fixed typo in dependencies Github workflow: added javascript dependency Github workflow: added webkit dependency * X509: fix keysas-out use of PKI * Enrolment: Generate private keys on the station * Rework of private key generation in keysas-sign to use the utility functions in the PKI crate. * Added oqs initialisation to all function in PKI crate * Cleanup cargo manifest in keysas-sign * Enrolment: Added certificate saving to keysas-sign * Fixe of save function in keysas-sign * WIP - Addition of certificate validation in PKI * Keysas-admin: added station enrolment * Implementation of station enrolment in admin * Fix generate signing keys in station * Fix Rdn generation * General code cleanup * Addition of tauri dist directory * File signing: keysas-sign code cleanup and doc * File signing: added tests and doc * Cleaning up the code * Add SDPX headers + remove feature * Format * Validate hybrid signature from certs * oqs: use only dilithium feature * Remove minisign crate * Feature became stable * Add usb signing functions * Remove tauri plugin store * Add libs for signing device * Start modifying keysas-admin to locally sign usb devices * Fix overflowing serial number * Bump version to 0.2.0 * Bump version to 0.2.0 * Serial are now arrays of 20 bytes * Update deps + improve pki creation * Add USB device hybrid signing functionnality * Add delete keysas station function * Display the PKI information: - Add Serialize to CertificateField; - UX improvement. * Update home + improve UX * Add Revoke USB device * Add check for PKI password length * Rename few componants * Bump version * Check that country is < 2 chars long * Bump version * Improve UX * Improve HELP for adding a station * Rename componant AddForm into AddStation * Fox is_alive to be async * Update comments * Remove std features for oqs * Remove pretty format for digest computation * Windows: Initial commit for the driver * Added simple communication between driver and app * Windows: restructured project * Separation of the user space app in a daemon with admin level and GUI * Separation of the driver in smaller modules * Started the addition of context support in the driver * Improved the communication between the driver and the daemon * Improved context management * Implemented file validation by the user * Improved list of create call filtered * Started file validation * Run analysis on driver and initialized tray app * Continued file verification * Validated file reports * Added first window to tray app * Cleaned driver and service code * Update windows GUI * Fixed dalek version * Update keysas-lib dependencies versions * Renamed USB firewall folder * Fix function signatures + tests * BEGIN: Fixing frontend for reading reports * Fix bind_and_sign() tests and set the signature optional if keys are not found * Fix const paths bugs * handle ws upgrade * handle ws upgrade * Fix paths for PKI creation * Update some logs + stay async as much as possible * Fix GNU/Linux paths for key generation * Fix stations online status * UX: color update on homepage + remove useless method * Set some functions in async mode * Print some feedback to final user while creating a new PKI * Clear the password as soon as used * Downgrade time crate to match tauri pinning :( * Update deprecated method add to insert * Add tests file * Import mod tests * Add new empty arg to match signature * Add dev-dependencies + update yara * Downgrade logger crate to match tauri pinning :( * Change const paths for windows * Bump tungstenite crate * Tests fix (#25) * Fix bind_and_sign() tests and set the signature optional if keys are not found * Fix const paths bugs * handle ws upgrade * handle ws upgrade * Fix paths for PKI creation * Update some logs + stay async as much as possible * Fix GNU/Linux paths for key generation * Fix stations online status * UX: color update on homepage + remove useless method * Set some functions in async mode * Print some feedback to final user while creating a new PKI * Clear the password as soon as used * Downgrade time crate to match tauri pinning :( * Update deprecated method add to insert * Add tests file * Import mod tests * Add new empty arg to match signature * Add dev-dependencies + update yara * Downgrade logger crate to match tauri pinning :( * Change const paths for windows * Bump tungstenite crate * Bump criterion * Update windows pzaths and clean useless fn * cargo fmt * Add delete PKI functionnality * Handle errors when cannot parse signature * Install sudoers config for keysas-admin * Update install/uninstall scripts with sudoers config * Restart keysas instead of keysas-out (socket broken) * Remove useless import * remove old diode paths * Fix some clippy warnings * Update log message * Add base64 + bump some crates * Get the signature size and decode both signatures * Add some debug logs * Bump simple logger crate * Clean up useless fn * Fix: remove unwanted b64 decode * Handle bad password error in UX * Update installation process for Tauri * UX: add some verbosity for admin * Update readme * Remove std feature for Windows * Rename component to keysas * Update dependencies * Rename component to keysas in App * Start rewriting wizard-fr * Temporary removing rejected files * Update Help/Quick start procedure * Update id tag * Add const for paths and update ip parsing * Fix ipaddr for eth|enp style * Remove useless comment * Fix install/uninstall binaries * Fix install/uninstall binaries: restart clamd * Switch to Bookworm install * Fix install of sudo rules * Update rust.yml - Freeze toolchain for loopdev * Temporary patching devloop til the next release * Switch back to nightly toolchain * Update README with nightly toolchain installation * Bump ubuntu pkg to libyara9 * Removing workflow for now: Ubuntu kinetic not supported * Removing workflow for now: Ubuntu kinetic not supported * Error handling for new Dilithium5 signature * Bugfix in install * Update mode to dev * Update error msg for websocket * Better error handling * Add seccomp sandbox for keysas-in * Add seccomp sandbox for keysas-in into main * Add seccomp sandbox for keysas-transit * Cargo format * Add seccomp to keysas-out + fix anyhow::Result * Trying to avoid links * Catch active keyword for regex daemon status * First patch for aarch64 syscallz * Set unlink only for x86_64 * dup3 is called on aarch64 instead of dup2 * Add missing syscall for keysas-out * Add seccomp architectures supported * Allow forgetting reference * Move landlock functions into sandbox.rs * Fix clippy warnings * Fix more clippy warnings * Remove useless options * Ignore compiled documentation directory * WIP: update user documentation * WIP: update user documentation * WIP: update user documentation * WIP: update user documentation * WIP: update user documentation * WIP: update user documentation * WIP: update user documentation * WIP: update user documentation * WIP: update user documentation * Improve README clarity * Update documentation: fix typo * Hide load PKI as it is not implemented yet * Rm useless picture * Rm useless pictures * Updated Keysas logo * Updated logo in doc * Add resolver version 2 --------- Co-authored-by: lb-anssi <[email protected]> Co-authored-by: lb-anssi <[email protected]> * Added README to firewall folder * Added file context ID tracking - Added an ID per file based on the hash of the file path - Added exchange of ID between driver, daemon and tray app - Refactored code in daemon to separate control logic from interfaces * Added authorization change from tray app - Redefined API between minifilter, daemon and app * Added write operation filtering * Added file authorization toggle in app * Added CA certificate use in daemon * USBFilter added PNP processing and device ID query * Added documentation and corrected typos --------- Co-authored-by: r3dlight <[email protected]> * Update url * Fix some typo + styling * Bump version to 2.1 * Specifying the support for Debian 12 only * Added contribution guidelines * Remove useless files * Fix landlock path for yara rules * Be more verbose about Landlock yara path * Update dependencies + set production mode * Bump version to 2.1 * Start implementing PKI restoration * Bump packages version * Check root certificates and station certificate signatures * Check root certificates and station certificate signatures * Bump ed25519-dalek to 2.x series * Fix some rustc + clippy warnings * Update lints for private_in_public changes * Bump keysas-admin dependencies * Bump keysas-backend dependencies * Bump nix crate * Bump global Keysas version * Bump ssh-rs to latest version * Fix timeout duration + Bump ed25519 version * Rename keysas-udev to keysas-io * Force ssh-rs version to prevent fallback to 0.3.2 * Temporary patch ed25519-dalek for signature crate conflict * Bump ed25519-dalek to v2 * Add current user to plugdev group * Bump yara crate * Bump tempfile and flexi_logger * House keeping: remove comments * Remove useless crate * Bump yubico-manager with custom updated version * Fix udev configuration related documentation * Add keysas user creation/deletion when not using pre-built Debian image * Fix udev configuration related documentation * Remove prehashed to verify signatures * Bugfix: use ca to verify signatures + force strict verification * Force strict signature verification * Remove prehashed to verify signatures * Remove prehashed to verify signatures + use strict signature verifications * Add test_save_and_load_hybrid_signature test * Bugfix: use ca to verify signatures for Dilithium * Cleaning up println * Add application verification test for Dilithium * Remove false comment in fn * Bump tempfile crate * Update check_restore_pki signature + async * Be more verbose while verifying signatures * Add check_restore_pki fonction * Add more comments forfunction cjeck_restore_pki * Bump npm dependencies * Bump dependencies * Add uded rule + group instructions * Bump ssh-rs * Bump npm dependencies + show keysas reports * Fix typos in readme * Add source env for rustup * Fix private_bounds pragma * Fix home install for keysas * Remove private-interface pragma * Fix ascii art * Update wizard fr * Fix typo in wizard fr * Bump version to 2.2 * Add clock_gettime syscall * Ignore .filepart as requested by a user * Typo fix * Revert .filepart ignoring and add this feature to a dedicated branch --------- Co-authored-by: lb-anssi <[email protected]> Co-authored-by: lb-anssi <[email protected]>
r3dlight
added a commit
that referenced
this pull request
Mar 25, 2024
* Add usb signing functions * Remove tauri plugin store * Add libs for signing device * Start modifying keysas-admin to locally sign usb devices * Fix overflowing serial number * Bump version to 0.2.0 * Bump version to 0.2.0 * Serial are now arrays of 20 bytes * Update deps + improve pki creation * Add USB device hybrid signing functionnality * Add delete keysas station function * Display the PKI information: - Add Serialize to CertificateField; - UX improvement. * Update home + improve UX * Add Revoke USB device * Add check for PKI password length * Rename few componants * Bump version * Check that country is < 2 chars long * Bump version * Improve UX * Improve HELP for adding a station * Rename componant AddForm into AddStation * Fox is_alive to be async * Update comments * Remove std features for oqs * Remove pretty format for digest computation * Windows: Initial commit for the driver * Added simple communication between driver and app * Windows: restructured project * Separation of the user space app in a daemon with admin level and GUI * Separation of the driver in smaller modules * Started the addition of context support in the driver * Improved the communication between the driver and the daemon * Improved context management * Implemented file validation by the user * Improved list of create call filtered * Started file validation * Run analysis on driver and initialized tray app * Continued file verification * Validated file reports * Added first window to tray app * Cleaned driver and service code * Update windows GUI * Fixed dalek version * Update keysas-lib dependencies versions * Renamed USB firewall folder * Fix function signatures + tests * BEGIN: Fixing frontend for reading reports * Fix bind_and_sign() tests and set the signature optional if keys are not found * Fix const paths bugs * handle ws upgrade * handle ws upgrade * Fix paths for PKI creation * Update some logs + stay async as much as possible * Fix GNU/Linux paths for key generation * Fix stations online status * UX: color update on homepage + remove useless method * Set some functions in async mode * Print some feedback to final user while creating a new PKI * Clear the password as soon as used * Downgrade time crate to match tauri pinning :( * Update deprecated method add to insert * Add tests file * Import mod tests * Add new empty arg to match signature * Add dev-dependencies + update yara * Downgrade logger crate to match tauri pinning :( * Change const paths for windows * Bump tungstenite crate * Tests fix (#25) * Fix bind_and_sign() tests and set the signature optional if keys are not found * Fix const paths bugs * handle ws upgrade * handle ws upgrade * Fix paths for PKI creation * Update some logs + stay async as much as possible * Fix GNU/Linux paths for key generation * Fix stations online status * UX: color update on homepage + remove useless method * Set some functions in async mode * Print some feedback to final user while creating a new PKI * Clear the password as soon as used * Downgrade time crate to match tauri pinning :( * Update deprecated method add to insert * Add tests file * Import mod tests * Add new empty arg to match signature * Add dev-dependencies + update yara * Downgrade logger crate to match tauri pinning :( * Change const paths for windows * Bump tungstenite crate * Bump criterion * Update windows pzaths and clean useless fn * cargo fmt * Add delete PKI functionnality * Handle errors when cannot parse signature * Install sudoers config for keysas-admin * Update install/uninstall scripts with sudoers config * Restart keysas instead of keysas-out (socket broken) * Remove useless import * remove old diode paths * Fix some clippy warnings * Update log message * Add base64 + bump some crates * Get the signature size and decode both signatures * Add some debug logs * Bump simple logger crate * Clean up useless fn * Fix: remove unwanted b64 decode * Handle bad password error in UX * Update installation process for Tauri * UX: add some verbosity for admin * Update readme * Remove std feature for Windows * Rename component to keysas * Update dependencies * Rename component to keysas in App * Start rewriting wizard-fr * Temporary removing rejected files * Update Help/Quick start procedure * Update id tag * Add const for paths and update ip parsing * Fix ipaddr for eth|enp style * Remove useless comment * Fix install/uninstall binaries * Fix install/uninstall binaries: restart clamd * Switch to Bookworm install * Fix install of sudo rules * Update rust.yml - Freeze toolchain for loopdev * Temporary patching devloop til the next release * Switch back to nightly toolchain * Update README with nightly toolchain installation * Bump ubuntu pkg to libyara9 * Removing workflow for now: Ubuntu kinetic not supported * Removing workflow for now: Ubuntu kinetic not supported * Error handling for new Dilithium5 signature * Bugfix in install * Update mode to dev * Update error msg for websocket * Better error handling * Add seccomp sandbox for keysas-in * Add seccomp sandbox for keysas-in into main * Add seccomp sandbox for keysas-transit * Cargo format * Add seccomp to keysas-out + fix anyhow::Result * Trying to avoid links * Catch active keyword for regex daemon status * First patch for aarch64 syscallz * Set unlink only for x86_64 * dup3 is called on aarch64 instead of dup2 * Add missing syscall for keysas-out * Add seccomp architectures supported * Allow forgetting reference * Move landlock functions into sandbox.rs * Fix clippy warnings * Fix more clippy warnings * Remove useless options * Ignore compiled documentation directory * WIP: update user documentation * WIP: update user documentation * WIP: update user documentation * WIP: update user documentation * WIP: update user documentation * WIP: update user documentation * WIP: update user documentation * WIP: update user documentation * WIP: update user documentation * Improve README clarity * Update documentation: fix typo * Hide load PKI as it is not implemented yet * Rm useless picture * Rm useless pictures * Updated Keysas logo * Updated logo in doc * Add resolver version 2 * Remove old bindmount for unexistant home directory * Dev windows firewall (#36) * Rebase windows branch on Develop * Addition of library for IPC * Addition of driver for USB device filtering * Fixed mailslot from HMI to daemon * Release v2.0 (#32) * Improved cert generation from csr * Documentation addition * Propagated API change to admin * X509: PKI code refactoring (clippy, doc) PKI refactoring Clippy improvements * Addition of hybrid keypair loading * Passed cargo fmt * X509: Fix Github CI workflow Update rust.yml (#18) Fixed github workflow Github CI: added libsoup Github CI: changed libsoup version Github worflow: fixed typo in dependencies Github workflow: added javascript dependency Github workflow: added webkit dependency * X509: fix keysas-out use of PKI * Enrolment: Generate private keys on the station * Rework of private key generation in keysas-sign to use the utility functions in the PKI crate. * Added oqs initialisation to all function in PKI crate * Cleanup cargo manifest in keysas-sign * Enrolment: Added certificate saving to keysas-sign * Fixe of save function in keysas-sign * WIP - Addition of certificate validation in PKI * Keysas-admin: added station enrolment * Implementation of station enrolment in admin * Fix generate signing keys in station * Fix Rdn generation * General code cleanup * Addition of tauri dist directory * File signing: keysas-sign code cleanup and doc * File signing: added tests and doc * Cleaning up the code * Add SDPX headers + remove feature * Format * Validate hybrid signature from certs * oqs: use only dilithium feature * Remove minisign crate * Feature became stable * Add usb signing functions * Remove tauri plugin store * Add libs for signing device * Start modifying keysas-admin to locally sign usb devices * Fix overflowing serial number * Bump version to 0.2.0 * Bump version to 0.2.0 * Serial are now arrays of 20 bytes * Update deps + improve pki creation * Add USB device hybrid signing functionnality * Add delete keysas station function * Display the PKI information: - Add Serialize to CertificateField; - UX improvement. * Update home + improve UX * Add Revoke USB device * Add check for PKI password length * Rename few componants * Bump version * Check that country is < 2 chars long * Bump version * Improve UX * Improve HELP for adding a station * Rename componant AddForm into AddStation * Fox is_alive to be async * Update comments * Remove std features for oqs * Remove pretty format for digest computation * Windows: Initial commit for the driver * Added simple communication between driver and app * Windows: restructured project * Separation of the user space app in a daemon with admin level and GUI * Separation of the driver in smaller modules * Started the addition of context support in the driver * Improved the communication between the driver and the daemon * Improved context management * Implemented file validation by the user * Improved list of create call filtered * Started file validation * Run analysis on driver and initialized tray app * Continued file verification * Validated file reports * Added first window to tray app * Cleaned driver and service code * Update windows GUI * Fixed dalek version * Update keysas-lib dependencies versions * Renamed USB firewall folder * Fix function signatures + tests * BEGIN: Fixing frontend for reading reports * Fix bind_and_sign() tests and set the signature optional if keys are not found * Fix const paths bugs * handle ws upgrade * handle ws upgrade * Fix paths for PKI creation * Update some logs + stay async as much as possible * Fix GNU/Linux paths for key generation * Fix stations online status * UX: color update on homepage + remove useless method * Set some functions in async mode * Print some feedback to final user while creating a new PKI * Clear the password as soon as used * Downgrade time crate to match tauri pinning :( * Update deprecated method add to insert * Add tests file * Import mod tests * Add new empty arg to match signature * Add dev-dependencies + update yara * Downgrade logger crate to match tauri pinning :( * Change const paths for windows * Bump tungstenite crate * Tests fix (#25) * Fix bind_and_sign() tests and set the signature optional if keys are not found * Fix const paths bugs * handle ws upgrade * handle ws upgrade * Fix paths for PKI creation * Update some logs + stay async as much as possible * Fix GNU/Linux paths for key generation * Fix stations online status * UX: color update on homepage + remove useless method * Set some functions in async mode * Print some feedback to final user while creating a new PKI * Clear the password as soon as used * Downgrade time crate to match tauri pinning :( * Update deprecated method add to insert * Add tests file * Import mod tests * Add new empty arg to match signature * Add dev-dependencies + update yara * Downgrade logger crate to match tauri pinning :( * Change const paths for windows * Bump tungstenite crate * Bump criterion * Update windows pzaths and clean useless fn * cargo fmt * Add delete PKI functionnality * Handle errors when cannot parse signature * Install sudoers config for keysas-admin * Update install/uninstall scripts with sudoers config * Restart keysas instead of keysas-out (socket broken) * Remove useless import * remove old diode paths * Fix some clippy warnings * Update log message * Add base64 + bump some crates * Get the signature size and decode both signatures * Add some debug logs * Bump simple logger crate * Clean up useless fn * Fix: remove unwanted b64 decode * Handle bad password error in UX * Update installation process for Tauri * UX: add some verbosity for admin * Update readme * Remove std feature for Windows * Rename component to keysas * Update dependencies * Rename component to keysas in App * Start rewriting wizard-fr * Temporary removing rejected files * Update Help/Quick start procedure * Update id tag * Add const for paths and update ip parsing * Fix ipaddr for eth|enp style * Remove useless comment * Fix install/uninstall binaries * Fix install/uninstall binaries: restart clamd * Switch to Bookworm install * Fix install of sudo rules * Update rust.yml - Freeze toolchain for loopdev * Temporary patching devloop til the next release * Switch back to nightly toolchain * Update README with nightly toolchain installation * Bump ubuntu pkg to libyara9 * Removing workflow for now: Ubuntu kinetic not supported * Removing workflow for now: Ubuntu kinetic not supported * Error handling for new Dilithium5 signature * Bugfix in install * Update mode to dev * Update error msg for websocket * Better error handling * Add seccomp sandbox for keysas-in * Add seccomp sandbox for keysas-in into main * Add seccomp sandbox for keysas-transit * Cargo format * Add seccomp to keysas-out + fix anyhow::Result * Trying to avoid links * Catch active keyword for regex daemon status * First patch for aarch64 syscallz * Set unlink only for x86_64 * dup3 is called on aarch64 instead of dup2 * Add missing syscall for keysas-out * Add seccomp architectures supported * Allow forgetting reference * Move landlock functions into sandbox.rs * Fix clippy warnings * Fix more clippy warnings * Remove useless options * Ignore compiled documentation directory * WIP: update user documentation * WIP: update user documentation * WIP: update user documentation * WIP: update user documentation * WIP: update user documentation * WIP: update user documentation * WIP: update user documentation * WIP: update user documentation * WIP: update user documentation * Improve README clarity * Update documentation: fix typo * Hide load PKI as it is not implemented yet * Rm useless picture * Rm useless pictures * Updated Keysas logo * Updated logo in doc --------- Co-authored-by: lb-anssi <[email protected]> Co-authored-by: lb-anssi <[email protected]> * Force resolver (#33) * Improved cert generation from csr * Documentation addition * Propagated API change to admin * X509: PKI code refactoring (clippy, doc) PKI refactoring Clippy improvements * Addition of hybrid keypair loading * Passed cargo fmt * X509: Fix Github CI workflow Update rust.yml (#18) Fixed github workflow Github CI: added libsoup Github CI: changed libsoup version Github worflow: fixed typo in dependencies Github workflow: added javascript dependency Github workflow: added webkit dependency * X509: fix keysas-out use of PKI * Enrolment: Generate private keys on the station * Rework of private key generation in keysas-sign to use the utility functions in the PKI crate. * Added oqs initialisation to all function in PKI crate * Cleanup cargo manifest in keysas-sign * Enrolment: Added certificate saving to keysas-sign * Fixe of save function in keysas-sign * WIP - Addition of certificate validation in PKI * Keysas-admin: added station enrolment * Implementation of station enrolment in admin * Fix generate signing keys in station * Fix Rdn generation * General code cleanup * Addition of tauri dist directory * File signing: keysas-sign code cleanup and doc * File signing: added tests and doc * Cleaning up the code * Add SDPX headers + remove feature * Format * Validate hybrid signature from certs * oqs: use only dilithium feature * Remove minisign crate * Feature became stable * Add usb signing functions * Remove tauri plugin store * Add libs for signing device * Start modifying keysas-admin to locally sign usb devices * Fix overflowing serial number * Bump version to 0.2.0 * Bump version to 0.2.0 * Serial are now arrays of 20 bytes * Update deps + improve pki creation * Add USB device hybrid signing functionnality * Add delete keysas station function * Display the PKI information: - Add Serialize to CertificateField; - UX improvement. * Update home + improve UX * Add Revoke USB device * Add check for PKI password length * Rename few componants * Bump version * Check that country is < 2 chars long * Bump version * Improve UX * Improve HELP for adding a station * Rename componant AddForm into AddStation * Fox is_alive to be async * Update comments * Remove std features for oqs * Remove pretty format for digest computation * Windows: Initial commit for the driver * Added simple communication between driver and app * Windows: restructured project * Separation of the user space app in a daemon with admin level and GUI * Separation of the driver in smaller modules * Started the addition of context support in the driver * Improved the communication between the driver and the daemon * Improved context management * Implemented file validation by the user * Improved list of create call filtered * Started file validation * Run analysis on driver and initialized tray app * Continued file verification * Validated file reports * Added first window to tray app * Cleaned driver and service code * Update windows GUI * Fixed dalek version * Update keysas-lib dependencies versions * Renamed USB firewall folder * Fix function signatures + tests * BEGIN: Fixing frontend for reading reports * Fix bind_and_sign() tests and set the signature optional if keys are not found * Fix const paths bugs * handle ws upgrade * handle ws upgrade * Fix paths for PKI creation * Update some logs + stay async as much as possible * Fix GNU/Linux paths for key generation * Fix stations online status * UX: color update on homepage + remove useless method * Set some functions in async mode * Print some feedback to final user while creating a new PKI * Clear the password as soon as used * Downgrade time crate to match tauri pinning :( * Update deprecated method add to insert * Add tests file * Import mod tests * Add new empty arg to match signature * Add dev-dependencies + update yara * Downgrade logger crate to match tauri pinning :( * Change const paths for windows * Bump tungstenite crate * Tests fix (#25) * Fix bind_and_sign() tests and set the signature optional if keys are not found * Fix const paths bugs * handle ws upgrade * handle ws upgrade * Fix paths for PKI creation * Update some logs + stay async as much as possible * Fix GNU/Linux paths for key generation * Fix stations online status * UX: color update on homepage + remove useless method * Set some functions in async mode * Print some feedback to final user while creating a new PKI * Clear the password as soon as used * Downgrade time crate to match tauri pinning :( * Update deprecated method add to insert * Add tests file * Import mod tests * Add new empty arg to match signature * Add dev-dependencies + update yara * Downgrade logger crate to match tauri pinning :( * Change const paths for windows * Bump tungstenite crate * Bump criterion * Update windows pzaths and clean useless fn * cargo fmt * Add delete PKI functionnality * Handle errors when cannot parse signature * Install sudoers config for keysas-admin * Update install/uninstall scripts with sudoers config * Restart keysas instead of keysas-out (socket broken) * Remove useless import * remove old diode paths * Fix some clippy warnings * Update log message * Add base64 + bump some crates * Get the signature size and decode both signatures * Add some debug logs * Bump simple logger crate * Clean up useless fn * Fix: remove unwanted b64 decode * Handle bad password error in UX * Update installation process for Tauri * UX: add some verbosity for admin * Update readme * Remove std feature for Windows * Rename component to keysas * Update dependencies * Rename component to keysas in App * Start rewriting wizard-fr * Temporary removing rejected files * Update Help/Quick start procedure * Update id tag * Add const for paths and update ip parsing * Fix ipaddr for eth|enp style * Remove useless comment * Fix install/uninstall binaries * Fix install/uninstall binaries: restart clamd * Switch to Bookworm install * Fix install of sudo rules * Update rust.yml - Freeze toolchain for loopdev * Temporary patching devloop til the next release * Switch back to nightly toolchain * Update README with nightly toolchain installation * Bump ubuntu pkg to libyara9 * Removing workflow for now: Ubuntu kinetic not supported * Removing workflow for now: Ubuntu kinetic not supported * Error handling for new Dilithium5 signature * Bugfix in install * Update mode to dev * Update error msg for websocket * Better error handling * Add seccomp sandbox for keysas-in * Add seccomp sandbox for keysas-in into main * Add seccomp sandbox for keysas-transit * Cargo format * Add seccomp to keysas-out + fix anyhow::Result * Trying to avoid links * Catch active keyword for regex daemon status * First patch for aarch64 syscallz * Set unlink only for x86_64 * dup3 is called on aarch64 instead of dup2 * Add missing syscall for keysas-out * Add seccomp architectures supported * Allow forgetting reference * Move landlock functions into sandbox.rs * Fix clippy warnings * Fix more clippy warnings * Remove useless options * Ignore compiled documentation directory * WIP: update user documentation * WIP: update user documentation * WIP: update user documentation * WIP: update user documentation * WIP: update user documentation * WIP: update user documentation * WIP: update user documentation * WIP: update user documentation * WIP: update user documentation * Improve README clarity * Update documentation: fix typo * Hide load PKI as it is not implemented yet * Rm useless picture * Rm useless pictures * Updated Keysas logo * Updated logo in doc * Add resolver version 2 --------- Co-authored-by: lb-anssi <[email protected]> Co-authored-by: lb-anssi <[email protected]> * Added README to firewall folder * Added file context ID tracking - Added an ID per file based on the hash of the file path - Added exchange of ID between driver, daemon and tray app - Refactored code in daemon to separate control logic from interfaces * Added authorization change from tray app - Redefined API between minifilter, daemon and app * Added write operation filtering * Added file authorization toggle in app * Added CA certificate use in daemon * USBFilter added PNP processing and device ID query * Added documentation and corrected typos --------- Co-authored-by: r3dlight <[email protected]> * Update url * Fix some typo + styling * Bump version to 2.1 * Specifying the support for Debian 12 only * Added contribution guidelines * Remove useless files * Fix landlock path for yara rules * Be more verbose about Landlock yara path * Update dependencies + set production mode * Bump version to 2.1 * Start implementing PKI restoration * Bump packages version * Check root certificates and station certificate signatures * Check root certificates and station certificate signatures * Bump ed25519-dalek to 2.x series * Fix some rustc + clippy warnings * Update lints for private_in_public changes * Bump keysas-admin dependencies * Bump keysas-backend dependencies * Bump nix crate * Bump global Keysas version * Bump ssh-rs to latest version * Fix timeout duration + Bump ed25519 version * Rename keysas-udev to keysas-io * Force ssh-rs version to prevent fallback to 0.3.2 * Temporary patch ed25519-dalek for signature crate conflict * Bump ed25519-dalek to v2 * Add current user to plugdev group * Bump yara crate * Bump tempfile and flexi_logger * House keeping: remove comments * Remove useless crate * Bump yubico-manager with custom updated version * Fix udev configuration related documentation * Add keysas user creation/deletion when not using pre-built Debian image * Fix udev configuration related documentation * Remove prehashed to verify signatures * Bugfix: use ca to verify signatures + force strict verification * Force strict signature verification * Remove prehashed to verify signatures * Remove prehashed to verify signatures + use strict signature verifications * Add test_save_and_load_hybrid_signature test * Bugfix: use ca to verify signatures for Dilithium * Cleaning up println * Add application verification test for Dilithium * Remove false comment in fn * Bump tempfile crate * Update check_restore_pki signature + async * Be more verbose while verifying signatures * Add check_restore_pki fonction * Add more comments forfunction cjeck_restore_pki * Bump npm dependencies * Bump dependencies * Add uded rule + group instructions * Bump ssh-rs * Bump npm dependencies + show keysas reports * Fix typos in readme * Add source env for rustup * Fix private_bounds pragma * Fix home install for keysas * Remove private-interface pragma * Fix ascii art * Update wizard fr * Fix typo in wizard fr * Bump version to 2.2 * Add clock_gettime syscall * Ignore .filepart as requested by a user * Typo fix * Revert .filepart ignoring and add this feature to a dedicated branch * Bump userdoc to v2.2 * Add mkfs instructions * Ignore unsupported operations by miri * Improve UX in home page * Housekeeping + UX * Housekeeping + UX * UX and design improvement * UX and design improvement * Fix uncorrect/misleading comment * Bump syscallz and landlock crates * Update default method but stay on ABI V2 for now * landlock: restrict sas_in directory with ReadFile, RemoveFile and RemoveDir * Landlock: Add ReadDir attr to be able to read the dir content * Landlock: Remove wrong comment on ABI version * Fix Landlock RO + unlink sas_in + UX (#50) * Fix clippy warning for String * Update dependencies * Bump dependencies * Bump dependencies * Remove / update error module * Bump version to v2.3 * Update UX * Update SDPX headers * Fix missing variable in flush() * Firewall: addition of installer for minifilter (#51) * USB Filter: add USB filter in add event * Added USB descriptor query * USB Firewall: started installer setup * USB Filter: improved usb device inspection * Created installer for windows daemon and filter * Created installer with Innosetup * Rename minifilter project * Started preparation for Linux port * Applied Clippy and cargo fmt * Keysas Service: added taury app to installer * Firewall: improved readmes * Bump various crates * Set compat level for Landlock * Print json report to logs * Add non camel case types * Remove update headers * Remove patch & switch to ed25519-dalek v2.1 * Update SDPX * Update npm dependencies * Update installation dependencies * Add Todo list * Update release and changlog * Bump Tauri dependencies * Bump regex crate * Bump dependencies * Update documentation about StreamMaxLength * Update documentation for udev and keysas-admin * Bump dependencies * npm update and audit fix * Fix clippy warnings * Remove loopdev patch * Remove dead code + allow non camel case types * Add truncate open to true * Bump dependencies * Fix clippy warnings * Update link to download on github --------- Co-authored-by: Luc <[email protected]> Co-authored-by: lb-anssi <[email protected]>
r3dlight
added a commit
that referenced
this pull request
May 14, 2024
* Bump version to 0.2.0 * Bump version to 0.2.0 * Serial are now arrays of 20 bytes * Update deps + improve pki creation * Add USB device hybrid signing functionnality * Add delete keysas station function * Display the PKI information: - Add Serialize to CertificateField; - UX improvement. * Update home + improve UX * Add Revoke USB device * Add check for PKI password length * Rename few componants * Bump version * Check that country is < 2 chars long * Bump version * Improve UX * Improve HELP for adding a station * Rename componant AddForm into AddStation * Fox is_alive to be async * Update comments * Remove std features for oqs * Remove pretty format for digest computation * Windows: Initial commit for the driver * Added simple communication between driver and app * Windows: restructured project * Separation of the user space app in a daemon with admin level and GUI * Separation of the driver in smaller modules * Started the addition of context support in the driver * Improved the communication between the driver and the daemon * Improved context management * Implemented file validation by the user * Improved list of create call filtered * Started file validation * Run analysis on driver and initialized tray app * Continued file verification * Validated file reports * Added first window to tray app * Cleaned driver and service code * Update windows GUI * Fixed dalek version * Update keysas-lib dependencies versions * Renamed USB firewall folder * Fix function signatures + tests * BEGIN: Fixing frontend for reading reports * Fix bind_and_sign() tests and set the signature optional if keys are not found * Fix const paths bugs * handle ws upgrade * handle ws upgrade * Fix paths for PKI creation * Update some logs + stay async as much as possible * Fix GNU/Linux paths for key generation * Fix stations online status * UX: color update on homepage + remove useless method * Set some functions in async mode * Print some feedback to final user while creating a new PKI * Clear the password as soon as used * Downgrade time crate to match tauri pinning :( * Update deprecated method add to insert * Add tests file * Import mod tests * Add new empty arg to match signature * Add dev-dependencies + update yara * Downgrade logger crate to match tauri pinning :( * Change const paths for windows * Bump tungstenite crate * Tests fix (#25) * Fix bind_and_sign() tests and set the signature optional if keys are not found * Fix const paths bugs * handle ws upgrade * handle ws upgrade * Fix paths for PKI creation * Update some logs + stay async as much as possible * Fix GNU/Linux paths for key generation * Fix stations online status * UX: color update on homepage + remove useless method * Set some functions in async mode * Print some feedback to final user while creating a new PKI * Clear the password as soon as used * Downgrade time crate to match tauri pinning :( * Update deprecated method add to insert * Add tests file * Import mod tests * Add new empty arg to match signature * Add dev-dependencies + update yara * Downgrade logger crate to match tauri pinning :( * Change const paths for windows * Bump tungstenite crate * Bump criterion * Update windows pzaths and clean useless fn * cargo fmt * Add delete PKI functionnality * Handle errors when cannot parse signature * Install sudoers config for keysas-admin * Update install/uninstall scripts with sudoers config * Restart keysas instead of keysas-out (socket broken) * Remove useless import * remove old diode paths * Fix some clippy warnings * Update log message * Add base64 + bump some crates * Get the signature size and decode both signatures * Add some debug logs * Bump simple logger crate * Clean up useless fn * Fix: remove unwanted b64 decode * Handle bad password error in UX * Update installation process for Tauri * UX: add some verbosity for admin * Update readme * Remove std feature for Windows * Rename component to keysas * Update dependencies * Rename component to keysas in App * Start rewriting wizard-fr * Temporary removing rejected files * Update Help/Quick start procedure * Update id tag * Add const for paths and update ip parsing * Fix ipaddr for eth|enp style * Remove useless comment * Fix install/uninstall binaries * Fix install/uninstall binaries: restart clamd * Switch to Bookworm install * Fix install of sudo rules * Update rust.yml - Freeze toolchain for loopdev * Temporary patching devloop til the next release * Switch back to nightly toolchain * Update README with nightly toolchain installation * Bump ubuntu pkg to libyara9 * Removing workflow for now: Ubuntu kinetic not supported * Removing workflow for now: Ubuntu kinetic not supported * Error handling for new Dilithium5 signature * Bugfix in install * Update mode to dev * Update error msg for websocket * Better error handling * Add seccomp sandbox for keysas-in * Add seccomp sandbox for keysas-in into main * Add seccomp sandbox for keysas-transit * Cargo format * Add seccomp to keysas-out + fix anyhow::Result * Trying to avoid links * Catch active keyword for regex daemon status * First patch for aarch64 syscallz * Set unlink only for x86_64 * dup3 is called on aarch64 instead of dup2 * Add missing syscall for keysas-out * Add seccomp architectures supported * Allow forgetting reference * Move landlock functions into sandbox.rs * Fix clippy warnings * Fix more clippy warnings * Remove useless options * Ignore compiled documentation directory * WIP: update user documentation * WIP: update user documentation * WIP: update user documentation * WIP: update user documentation * WIP: update user documentation * WIP: update user documentation * WIP: update user documentation * WIP: update user documentation * WIP: update user documentation * Improve README clarity * Update documentation: fix typo * Hide load PKI as it is not implemented yet * Rm useless picture * Rm useless pictures * Updated Keysas logo * Updated logo in doc * Add resolver version 2 * Remove old bindmount for unexistant home directory * Dev windows firewall (#36) * Rebase windows branch on Develop * Addition of library for IPC * Addition of driver for USB device filtering * Fixed mailslot from HMI to daemon * Release v2.0 (#32) * Improved cert generation from csr * Documentation addition * Propagated API change to admin * X509: PKI code refactoring (clippy, doc) PKI refactoring Clippy improvements * Addition of hybrid keypair loading * Passed cargo fmt * X509: Fix Github CI workflow Update rust.yml (#18) Fixed github workflow Github CI: added libsoup Github CI: changed libsoup version Github worflow: fixed typo in dependencies Github workflow: added javascript dependency Github workflow: added webkit dependency * X509: fix keysas-out use of PKI * Enrolment: Generate private keys on the station * Rework of private key generation in keysas-sign to use the utility functions in the PKI crate. * Added oqs initialisation to all function in PKI crate * Cleanup cargo manifest in keysas-sign * Enrolment: Added certificate saving to keysas-sign * Fixe of save function in keysas-sign * WIP - Addition of certificate validation in PKI * Keysas-admin: added station enrolment * Implementation of station enrolment in admin * Fix generate signing keys in station * Fix Rdn generation * General code cleanup * Addition of tauri dist directory * File signing: keysas-sign code cleanup and doc * File signing: added tests and doc * Cleaning up the code * Add SDPX headers + remove feature * Format * Validate hybrid signature from certs * oqs: use only dilithium feature * Remove minisign crate * Feature became stable * Add usb signing functions * Remove tauri plugin store * Add libs for signing device * Start modifying keysas-admin to locally sign usb devices * Fix overflowing serial number * Bump version to 0.2.0 * Bump version to 0.2.0 * Serial are now arrays of 20 bytes * Update deps + improve pki creation * Add USB device hybrid signing functionnality * Add delete keysas station function * Display the PKI information: - Add Serialize to CertificateField; - UX improvement. * Update home + improve UX * Add Revoke USB device * Add check for PKI password length * Rename few componants * Bump version * Check that country is < 2 chars long * Bump version * Improve UX * Improve HELP for adding a station * Rename componant AddForm into AddStation * Fox is_alive to be async * Update comments * Remove std features for oqs * Remove pretty format for digest computation * Windows: Initial commit for the driver * Added simple communication between driver and app * Windows: restructured project * Separation of the user space app in a daemon with admin level and GUI * Separation of the driver in smaller modules * Started the addition of context support in the driver * Improved the communication between the driver and the daemon * Improved context management * Implemented file validation by the user * Improved list of create call filtered * Started file validation * Run analysis on driver and initialized tray app * Continued file verification * Validated file reports * Added first window to tray app * Cleaned driver and service code * Update windows GUI * Fixed dalek version * Update keysas-lib dependencies versions * Renamed USB firewall folder * Fix function signatures + tests * BEGIN: Fixing frontend for reading reports * Fix bind_and_sign() tests and set the signature optional if keys are not found * Fix const paths bugs * handle ws upgrade * handle ws upgrade * Fix paths for PKI creation * Update some logs + stay async as much as possible * Fix GNU/Linux paths for key generation * Fix stations online status * UX: color update on homepage + remove useless method * Set some functions in async mode * Print some feedback to final user while creating a new PKI * Clear the password as soon as used * Downgrade time crate to match tauri pinning :( * Update deprecated method add to insert * Add tests file * Import mod tests * Add new empty arg to match signature * Add dev-dependencies + update yara * Downgrade logger crate to match tauri pinning :( * Change const paths for windows * Bump tungstenite crate * Tests fix (#25) * Fix bind_and_sign() tests and set the signature optional if keys are not found * Fix const paths bugs * handle ws upgrade * handle ws upgrade * Fix paths for PKI creation * Update some logs + stay async as much as possible * Fix GNU/Linux paths for key generation * Fix stations online status * UX: color update on homepage + remove useless method * Set some functions in async mode * Print some feedback to final user while creating a new PKI * Clear the password as soon as used * Downgrade time crate to match tauri pinning :( * Update deprecated method add to insert * Add tests file * Import mod tests * Add new empty arg to match signature * Add dev-dependencies + update yara * Downgrade logger crate to match tauri pinning :( * Change const paths for windows * Bump tungstenite crate * Bump criterion * Update windows pzaths and clean useless fn * cargo fmt * Add delete PKI functionnality * Handle errors when cannot parse signature * Install sudoers config for keysas-admin * Update install/uninstall scripts with sudoers config * Restart keysas instead of keysas-out (socket broken) * Remove useless import * remove old diode paths * Fix some clippy warnings * Update log message * Add base64 + bump some crates * Get the signature size and decode both signatures * Add some debug logs * Bump simple logger crate * Clean up useless fn * Fix: remove unwanted b64 decode * Handle bad password error in UX * Update installation process for Tauri * UX: add some verbosity for admin * Update readme * Remove std feature for Windows * Rename component to keysas * Update dependencies * Rename component to keysas in App * Start rewriting wizard-fr * Temporary removing rejected files * Update Help/Quick start procedure * Update id tag * Add const for paths and update ip parsing * Fix ipaddr for eth|enp style * Remove useless comment * Fix install/uninstall binaries * Fix install/uninstall binaries: restart clamd * Switch to Bookworm install * Fix install of sudo rules * Update rust.yml - Freeze toolchain for loopdev * Temporary patching devloop til the next release * Switch back to nightly toolchain * Update README with nightly toolchain installation * Bump ubuntu pkg to libyara9 * Removing workflow for now: Ubuntu kinetic not supported * Removing workflow for now: Ubuntu kinetic not supported * Error handling for new Dilithium5 signature * Bugfix in install * Update mode to dev * Update error msg for websocket * Better error handling * Add seccomp sandbox for keysas-in * Add seccomp sandbox for keysas-in into main * Add seccomp sandbox for keysas-transit * Cargo format * Add seccomp to keysas-out + fix anyhow::Result * Trying to avoid links * Catch active keyword for regex daemon status * First patch for aarch64 syscallz * Set unlink only for x86_64 * dup3 is called on aarch64 instead of dup2 * Add missing syscall for keysas-out * Add seccomp architectures supported * Allow forgetting reference * Move landlock functions into sandbox.rs * Fix clippy warnings * Fix more clippy warnings * Remove useless options * Ignore compiled documentation directory * WIP: update user documentation * WIP: update user documentation * WIP: update user documentation * WIP: update user documentation * WIP: update user documentation * WIP: update user documentation * WIP: update user documentation * WIP: update user documentation * WIP: update user documentation * Improve README clarity * Update documentation: fix typo * Hide load PKI as it is not implemented yet * Rm useless picture * Rm useless pictures * Updated Keysas logo * Updated logo in doc --------- Co-authored-by: lb-anssi <[email protected]> Co-authored-by: lb-anssi <[email protected]> * Force resolver (#33) * Improved cert generation from csr * Documentation addition * Propagated API change to admin * X509: PKI code refactoring (clippy, doc) PKI refactoring Clippy improvements * Addition of hybrid keypair loading * Passed cargo fmt * X509: Fix Github CI workflow Update rust.yml (#18) Fixed github workflow Github CI: added libsoup Github CI: changed libsoup version Github worflow: fixed typo in dependencies Github workflow: added javascript dependency Github workflow: added webkit dependency * X509: fix keysas-out use of PKI * Enrolment: Generate private keys on the station * Rework of private key generation in keysas-sign to use the utility functions in the PKI crate. * Added oqs initialisation to all function in PKI crate * Cleanup cargo manifest in keysas-sign * Enrolment: Added certificate saving to keysas-sign * Fixe of save function in keysas-sign * WIP - Addition of certificate validation in PKI * Keysas-admin: added station enrolment * Implementation of station enrolment in admin * Fix generate signing keys in station * Fix Rdn generation * General code cleanup * Addition of tauri dist directory * File signing: keysas-sign code cleanup and doc * File signing: added tests and doc * Cleaning up the code * Add SDPX headers + remove feature * Format * Validate hybrid signature from certs * oqs: use only dilithium feature * Remove minisign crate * Feature became stable * Add usb signing functions * Remove tauri plugin store * Add libs for signing device * Start modifying keysas-admin to locally sign usb devices * Fix overflowing serial number * Bump version to 0.2.0 * Bump version to 0.2.0 * Serial are now arrays of 20 bytes * Update deps + improve pki creation * Add USB device hybrid signing functionnality * Add delete keysas station function * Display the PKI information: - Add Serialize to CertificateField; - UX improvement. * Update home + improve UX * Add Revoke USB device * Add check for PKI password length * Rename few componants * Bump version * Check that country is < 2 chars long * Bump version * Improve UX * Improve HELP for adding a station * Rename componant AddForm into AddStation * Fox is_alive to be async * Update comments * Remove std features for oqs * Remove pretty format for digest computation * Windows: Initial commit for the driver * Added simple communication between driver and app * Windows: restructured project * Separation of the user space app in a daemon with admin level and GUI * Separation of the driver in smaller modules * Started the addition of context support in the driver * Improved the communication between the driver and the daemon * Improved context management * Implemented file validation by the user * Improved list of create call filtered * Started file validation * Run analysis on driver and initialized tray app * Continued file verification * Validated file reports * Added first window to tray app * Cleaned driver and service code * Update windows GUI * Fixed dalek version * Update keysas-lib dependencies versions * Renamed USB firewall folder * Fix function signatures + tests * BEGIN: Fixing frontend for reading reports * Fix bind_and_sign() tests and set the signature optional if keys are not found * Fix const paths bugs * handle ws upgrade * handle ws upgrade * Fix paths for PKI creation * Update some logs + stay async as much as possible * Fix GNU/Linux paths for key generation * Fix stations online status * UX: color update on homepage + remove useless method * Set some functions in async mode * Print some feedback to final user while creating a new PKI * Clear the password as soon as used * Downgrade time crate to match tauri pinning :( * Update deprecated method add to insert * Add tests file * Import mod tests * Add new empty arg to match signature * Add dev-dependencies + update yara * Downgrade logger crate to match tauri pinning :( * Change const paths for windows * Bump tungstenite crate * Tests fix (#25) * Fix bind_and_sign() tests and set the signature optional if keys are not found * Fix const paths bugs * handle ws upgrade * handle ws upgrade * Fix paths for PKI creation * Update some logs + stay async as much as possible * Fix GNU/Linux paths for key generation * Fix stations online status * UX: color update on homepage + remove useless method * Set some functions in async mode * Print some feedback to final user while creating a new PKI * Clear the password as soon as used * Downgrade time crate to match tauri pinning :( * Update deprecated method add to insert * Add tests file * Import mod tests * Add new empty arg to match signature * Add dev-dependencies + update yara * Downgrade logger crate to match tauri pinning :( * Change const paths for windows * Bump tungstenite crate * Bump criterion * Update windows pzaths and clean useless fn * cargo fmt * Add delete PKI functionnality * Handle errors when cannot parse signature * Install sudoers config for keysas-admin * Update install/uninstall scripts with sudoers config * Restart keysas instead of keysas-out (socket broken) * Remove useless import * remove old diode paths * Fix some clippy warnings * Update log message * Add base64 + bump some crates * Get the signature size and decode both signatures * Add some debug logs * Bump simple logger crate * Clean up useless fn * Fix: remove unwanted b64 decode * Handle bad password error in UX * Update installation process for Tauri * UX: add some verbosity for admin * Update readme * Remove std feature for Windows * Rename component to keysas * Update dependencies * Rename component to keysas in App * Start rewriting wizard-fr * Temporary removing rejected files * Update Help/Quick start procedure * Update id tag * Add const for paths and update ip parsing * Fix ipaddr for eth|enp style * Remove useless comment * Fix install/uninstall binaries * Fix install/uninstall binaries: restart clamd * Switch to Bookworm install * Fix install of sudo rules * Update rust.yml - Freeze toolchain for loopdev * Temporary patching devloop til the next release * Switch back to nightly toolchain * Update README with nightly toolchain installation * Bump ubuntu pkg to libyara9 * Removing workflow for now: Ubuntu kinetic not supported * Removing workflow for now: Ubuntu kinetic not supported * Error handling for new Dilithium5 signature * Bugfix in install * Update mode to dev * Update error msg for websocket * Better error handling * Add seccomp sandbox for keysas-in * Add seccomp sandbox for keysas-in into main * Add seccomp sandbox for keysas-transit * Cargo format * Add seccomp to keysas-out + fix anyhow::Result * Trying to avoid links * Catch active keyword for regex daemon status * First patch for aarch64 syscallz * Set unlink only for x86_64 * dup3 is called on aarch64 instead of dup2 * Add missing syscall for keysas-out * Add seccomp architectures supported * Allow forgetting reference * Move landlock functions into sandbox.rs * Fix clippy warnings * Fix more clippy warnings * Remove useless options * Ignore compiled documentation directory * WIP: update user documentation * WIP: update user documentation * WIP: update user documentation * WIP: update user documentation * WIP: update user documentation * WIP: update user documentation * WIP: update user documentation * WIP: update user documentation * WIP: update user documentation * Improve README clarity * Update documentation: fix typo * Hide load PKI as it is not implemented yet * Rm useless picture * Rm useless pictures * Updated Keysas logo * Updated logo in doc * Add resolver version 2 --------- Co-authored-by: lb-anssi <[email protected]> Co-authored-by: lb-anssi <[email protected]> * Added README to firewall folder * Added file context ID tracking - Added an ID per file based on the hash of the file path - Added exchange of ID between driver, daemon and tray app - Refactored code in daemon to separate control logic from interfaces * Added authorization change from tray app - Redefined API between minifilter, daemon and app * Added write operation filtering * Added file authorization toggle in app * Added CA certificate use in daemon * USBFilter added PNP processing and device ID query * Added documentation and corrected typos --------- Co-authored-by: r3dlight <[email protected]> * Update url * Fix some typo + styling * Bump version to 2.1 * Specifying the support for Debian 12 only * Added contribution guidelines * Remove useless files * Fix landlock path for yara rules * Be more verbose about Landlock yara path * Update dependencies + set production mode * Bump version to 2.1 * Start implementing PKI restoration * Bump packages version * Check root certificates and station certificate signatures * Check root certificates and station certificate signatures * Bump ed25519-dalek to 2.x series * Fix some rustc + clippy warnings * Update lints for private_in_public changes * Bump keysas-admin dependencies * Bump keysas-backend dependencies * Bump nix crate * Bump global Keysas version * Bump ssh-rs to latest version * Fix timeout duration + Bump ed25519 version * Rename keysas-udev to keysas-io * Force ssh-rs version to prevent fallback to 0.3.2 * Temporary patch ed25519-dalek for signature crate conflict * Bump ed25519-dalek to v2 * Add current user to plugdev group * Bump yara crate * Bump tempfile and flexi_logger * House keeping: remove comments * Remove useless crate * Bump yubico-manager with custom updated version * Fix udev configuration related documentation * Add keysas user creation/deletion when not using pre-built Debian image * Fix udev configuration related documentation * Remove prehashed to verify signatures * Bugfix: use ca to verify signatures + force strict verification * Force strict signature verification * Remove prehashed to verify signatures * Remove prehashed to verify signatures + use strict signature verifications * Add test_save_and_load_hybrid_signature test * Bugfix: use ca to verify signatures for Dilithium * Cleaning up println * Add application verification test for Dilithium * Remove false comment in fn * Bump tempfile crate * Update check_restore_pki signature + async * Be more verbose while verifying signatures * Add check_restore_pki fonction * Add more comments forfunction cjeck_restore_pki * Bump npm dependencies * Bump dependencies * Add uded rule + group instructions * Bump ssh-rs * Bump npm dependencies + show keysas reports * Fix typos in readme * Add source env for rustup * Fix private_bounds pragma * Fix home install for keysas * Remove private-interface pragma * Fix ascii art * Update wizard fr * Fix typo in wizard fr * Bump version to 2.2 * Add clock_gettime syscall * Ignore .filepart as requested by a user * Typo fix * Revert .filepart ignoring and add this feature to a dedicated branch * Bump userdoc to v2.2 * Add mkfs instructions * Ignore unsupported operations by miri * Improve UX in home page * Housekeeping + UX * Housekeeping + UX * UX and design improvement * UX and design improvement * Fix uncorrect/misleading comment * Bump syscallz and landlock crates * Update default method but stay on ABI V2 for now * landlock: restrict sas_in directory with ReadFile, RemoveFile and RemoveDir * Landlock: Add ReadDir attr to be able to read the dir content * Landlock: Remove wrong comment on ABI version * Fix Landlock RO + unlink sas_in + UX (#50) * Fix clippy warning for String * Update dependencies * Bump dependencies * Bump dependencies * Remove / update error module * Bump version to v2.3 * Update UX * Update SDPX headers * Fix missing variable in flush() * Firewall: addition of installer for minifilter (#51) * USB Filter: add USB filter in add event * Added USB descriptor query * USB Firewall: started installer setup * USB Filter: improved usb device inspection * Created installer for windows daemon and filter * Created installer with Innosetup * Rename minifilter project * Started preparation for Linux port * Applied Clippy and cargo fmt * Keysas Service: added taury app to installer * Firewall: improved readmes * Bump various crates * Set compat level for Landlock * Print json report to logs * Add non camel case types * Remove update headers * Remove patch & switch to ed25519-dalek v2.1 * Update SDPX * Update npm dependencies * Update installation dependencies * Add Todo list * Update release and changlog * Bump Tauri dependencies * Bump regex crate * Bump dependencies * Update documentation about StreamMaxLength * Update documentation for udev and keysas-admin * Bump dependencies * npm update and audit fix * Fix clippy warnings * Remove loopdev patch * Remove dead code + allow non camel case types * Add truncate open to true * Bump dependencies * Fix clippy warnings * Update link to download on github * Bump npm dependencies * Update EN translation on AppWizard-en.vue & fix typo on AppWizard-fr.vue * Bump dependencies * Bump simple_logger --------- Co-authored-by: Luc <[email protected]> Co-authored-by: lb-anssi <[email protected]>
r3dlight
added a commit
that referenced
this pull request
Jun 19, 2024
* Display the PKI information: - Add Serialize to CertificateField; - UX improvement. * Update home + improve UX * Add Revoke USB device * Add check for PKI password length * Rename few componants * Bump version * Check that country is < 2 chars long * Bump version * Improve UX * Improve HELP for adding a station * Rename componant AddForm into AddStation * Fox is_alive to be async * Update comments * Remove std features for oqs * Remove pretty format for digest computation * Windows: Initial commit for the driver * Added simple communication between driver and app * Windows: restructured project * Separation of the user space app in a daemon with admin level and GUI * Separation of the driver in smaller modules * Started the addition of context support in the driver * Improved the communication between the driver and the daemon * Improved context management * Implemented file validation by the user * Improved list of create call filtered * Started file validation * Run analysis on driver and initialized tray app * Continued file verification * Validated file reports * Added first window to tray app * Cleaned driver and service code * Update windows GUI * Fixed dalek version * Update keysas-lib dependencies versions * Renamed USB firewall folder * Fix function signatures + tests * BEGIN: Fixing frontend for reading reports * Fix bind_and_sign() tests and set the signature optional if keys are not found * Fix const paths bugs * handle ws upgrade * handle ws upgrade * Fix paths for PKI creation * Update some logs + stay async as much as possible * Fix GNU/Linux paths for key generation * Fix stations online status * UX: color update on homepage + remove useless method * Set some functions in async mode * Print some feedback to final user while creating a new PKI * Clear the password as soon as used * Downgrade time crate to match tauri pinning :( * Update deprecated method add to insert * Add tests file * Import mod tests * Add new empty arg to match signature * Add dev-dependencies + update yara * Downgrade logger crate to match tauri pinning :( * Change const paths for windows * Bump tungstenite crate * Tests fix (#25) * Fix bind_and_sign() tests and set the signature optional if keys are not found * Fix const paths bugs * handle ws upgrade * handle ws upgrade * Fix paths for PKI creation * Update some logs + stay async as much as possible * Fix GNU/Linux paths for key generation * Fix stations online status * UX: color update on homepage + remove useless method * Set some functions in async mode * Print some feedback to final user while creating a new PKI * Clear the password as soon as used * Downgrade time crate to match tauri pinning :( * Update deprecated method add to insert * Add tests file * Import mod tests * Add new empty arg to match signature * Add dev-dependencies + update yara * Downgrade logger crate to match tauri pinning :( * Change const paths for windows * Bump tungstenite crate * Bump criterion * Update windows pzaths and clean useless fn * cargo fmt * Add delete PKI functionnality * Handle errors when cannot parse signature * Install sudoers config for keysas-admin * Update install/uninstall scripts with sudoers config * Restart keysas instead of keysas-out (socket broken) * Remove useless import * remove old diode paths * Fix some clippy warnings * Update log message * Add base64 + bump some crates * Get the signature size and decode both signatures * Add some debug logs * Bump simple logger crate * Clean up useless fn * Fix: remove unwanted b64 decode * Handle bad password error in UX * Update installation process for Tauri * UX: add some verbosity for admin * Update readme * Remove std feature for Windows * Rename component to keysas * Update dependencies * Rename component to keysas in App * Start rewriting wizard-fr * Temporary removing rejected files * Update Help/Quick start procedure * Update id tag * Add const for paths and update ip parsing * Fix ipaddr for eth|enp style * Remove useless comment * Fix install/uninstall binaries * Fix install/uninstall binaries: restart clamd * Switch to Bookworm install * Fix install of sudo rules * Update rust.yml - Freeze toolchain for loopdev * Temporary patching devloop til the next release * Switch back to nightly toolchain * Update README with nightly toolchain installation * Bump ubuntu pkg to libyara9 * Removing workflow for now: Ubuntu kinetic not supported * Removing workflow for now: Ubuntu kinetic not supported * Error handling for new Dilithium5 signature * Bugfix in install * Update mode to dev * Update error msg for websocket * Better error handling * Add seccomp sandbox for keysas-in * Add seccomp sandbox for keysas-in into main * Add seccomp sandbox for keysas-transit * Cargo format * Add seccomp to keysas-out + fix anyhow::Result * Trying to avoid links * Catch active keyword for regex daemon status * First patch for aarch64 syscallz * Set unlink only for x86_64 * dup3 is called on aarch64 instead of dup2 * Add missing syscall for keysas-out * Add seccomp architectures supported * Allow forgetting reference * Move landlock functions into sandbox.rs * Fix clippy warnings * Fix more clippy warnings * Remove useless options * Ignore compiled documentation directory * WIP: update user documentation * WIP: update user documentation * WIP: update user documentation * WIP: update user documentation * WIP: update user documentation * WIP: update user documentation * WIP: update user documentation * WIP: update user documentation * WIP: update user documentation * Improve README clarity * Update documentation: fix typo * Hide load PKI as it is not implemented yet * Rm useless picture * Rm useless pictures * Updated Keysas logo * Updated logo in doc * Add resolver version 2 * Remove old bindmount for unexistant home directory * Dev windows firewall (#36) * Rebase windows branch on Develop * Addition of library for IPC * Addition of driver for USB device filtering * Fixed mailslot from HMI to daemon * Release v2.0 (#32) * Improved cert generation from csr * Documentation addition * Propagated API change to admin * X509: PKI code refactoring (clippy, doc) PKI refactoring Clippy improvements * Addition of hybrid keypair loading * Passed cargo fmt * X509: Fix Github CI workflow Update rust.yml (#18) Fixed github workflow Github CI: added libsoup Github CI: changed libsoup version Github worflow: fixed typo in dependencies Github workflow: added javascript dependency Github workflow: added webkit dependency * X509: fix keysas-out use of PKI * Enrolment: Generate private keys on the station * Rework of private key generation in keysas-sign to use the utility functions in the PKI crate. * Added oqs initialisation to all function in PKI crate * Cleanup cargo manifest in keysas-sign * Enrolment: Added certificate saving to keysas-sign * Fixe of save function in keysas-sign * WIP - Addition of certificate validation in PKI * Keysas-admin: added station enrolment * Implementation of station enrolment in admin * Fix generate signing keys in station * Fix Rdn generation * General code cleanup * Addition of tauri dist directory * File signing: keysas-sign code cleanup and doc * File signing: added tests and doc * Cleaning up the code * Add SDPX headers + remove feature * Format * Validate hybrid signature from certs * oqs: use only dilithium feature * Remove minisign crate * Feature became stable * Add usb signing functions * Remove tauri plugin store * Add libs for signing device * Start modifying keysas-admin to locally sign usb devices * Fix overflowing serial number * Bump version to 0.2.0 * Bump version to 0.2.0 * Serial are now arrays of 20 bytes * Update deps + improve pki creation * Add USB device hybrid signing functionnality * Add delete keysas station function * Display the PKI information: - Add Serialize to CertificateField; - UX improvement. * Update home + improve UX * Add Revoke USB device * Add check for PKI password length * Rename few componants * Bump version * Check that country is < 2 chars long * Bump version * Improve UX * Improve HELP for adding a station * Rename componant AddForm into AddStation * Fox is_alive to be async * Update comments * Remove std features for oqs * Remove pretty format for digest computation * Windows: Initial commit for the driver * Added simple communication between driver and app * Windows: restructured project * Separation of the user space app in a daemon with admin level and GUI * Separation of the driver in smaller modules * Started the addition of context support in the driver * Improved the communication between the driver and the daemon * Improved context management * Implemented file validation by the user * Improved list of create call filtered * Started file validation * Run analysis on driver and initialized tray app * Continued file verification * Validated file reports * Added first window to tray app * Cleaned driver and service code * Update windows GUI * Fixed dalek version * Update keysas-lib dependencies versions * Renamed USB firewall folder * Fix function signatures + tests * BEGIN: Fixing frontend for reading reports * Fix bind_and_sign() tests and set the signature optional if keys are not found * Fix const paths bugs * handle ws upgrade * handle ws upgrade * Fix paths for PKI creation * Update some logs + stay async as much as possible * Fix GNU/Linux paths for key generation * Fix stations online status * UX: color update on homepage + remove useless method * Set some functions in async mode * Print some feedback to final user while creating a new PKI * Clear the password as soon as used * Downgrade time crate to match tauri pinning :( * Update deprecated method add to insert * Add tests file * Import mod tests * Add new empty arg to match signature * Add dev-dependencies + update yara * Downgrade logger crate to match tauri pinning :( * Change const paths for windows * Bump tungstenite crate * Tests fix (#25) * Fix bind_and_sign() tests and set the signature optional if keys are not found * Fix const paths bugs * handle ws upgrade * handle ws upgrade * Fix paths for PKI creation * Update some logs + stay async as much as possible * Fix GNU/Linux paths for key generation * Fix stations online status * UX: color update on homepage + remove useless method * Set some functions in async mode * Print some feedback to final user while creating a new PKI * Clear the password as soon as used * Downgrade time crate to match tauri pinning :( * Update deprecated method add to insert * Add tests file * Import mod tests * Add new empty arg to match signature * Add dev-dependencies + update yara * Downgrade logger crate to match tauri pinning :( * Change const paths for windows * Bump tungstenite crate * Bump criterion * Update windows pzaths and clean useless fn * cargo fmt * Add delete PKI functionnality * Handle errors when cannot parse signature * Install sudoers config for keysas-admin * Update install/uninstall scripts with sudoers config * Restart keysas instead of keysas-out (socket broken) * Remove useless import * remove old diode paths * Fix some clippy warnings * Update log message * Add base64 + bump some crates * Get the signature size and decode both signatures * Add some debug logs * Bump simple logger crate * Clean up useless fn * Fix: remove unwanted b64 decode * Handle bad password error in UX * Update installation process for Tauri * UX: add some verbosity for admin * Update readme * Remove std feature for Windows * Rename component to keysas * Update dependencies * Rename component to keysas in App * Start rewriting wizard-fr * Temporary removing rejected files * Update Help/Quick start procedure * Update id tag * Add const for paths and update ip parsing * Fix ipaddr for eth|enp style * Remove useless comment * Fix install/uninstall binaries * Fix install/uninstall binaries: restart clamd * Switch to Bookworm install * Fix install of sudo rules * Update rust.yml - Freeze toolchain for loopdev * Temporary patching devloop til the next release * Switch back to nightly toolchain * Update README with nightly toolchain installation * Bump ubuntu pkg to libyara9 * Removing workflow for now: Ubuntu kinetic not supported * Removing workflow for now: Ubuntu kinetic not supported * Error handling for new Dilithium5 signature * Bugfix in install * Update mode to dev * Update error msg for websocket * Better error handling * Add seccomp sandbox for keysas-in * Add seccomp sandbox for keysas-in into main * Add seccomp sandbox for keysas-transit * Cargo format * Add seccomp to keysas-out + fix anyhow::Result * Trying to avoid links * Catch active keyword for regex daemon status * First patch for aarch64 syscallz * Set unlink only for x86_64 * dup3 is called on aarch64 instead of dup2 * Add missing syscall for keysas-out * Add seccomp architectures supported * Allow forgetting reference * Move landlock functions into sandbox.rs * Fix clippy warnings * Fix more clippy warnings * Remove useless options * Ignore compiled documentation directory * WIP: update user documentation * WIP: update user documentation * WIP: update user documentation * WIP: update user documentation * WIP: update user documentation * WIP: update user documentation * WIP: update user documentation * WIP: update user documentation * WIP: update user documentation * Improve README clarity * Update documentation: fix typo * Hide load PKI as it is not implemented yet * Rm useless picture * Rm useless pictures * Updated Keysas logo * Updated logo in doc --------- Co-authored-by: lb-anssi <[email protected]> Co-authored-by: lb-anssi <[email protected]> * Force resolver (#33) * Improved cert generation from csr * Documentation addition * Propagated API change to admin * X509: PKI code refactoring (clippy, doc) PKI refactoring Clippy improvements * Addition of hybrid keypair loading * Passed cargo fmt * X509: Fix Github CI workflow Update rust.yml (#18) Fixed github workflow Github CI: added libsoup Github CI: changed libsoup version Github worflow: fixed typo in dependencies Github workflow: added javascript dependency Github workflow: added webkit dependency * X509: fix keysas-out use of PKI * Enrolment: Generate private keys on the station * Rework of private key generation in keysas-sign to use the utility functions in the PKI crate. * Added oqs initialisation to all function in PKI crate * Cleanup cargo manifest in keysas-sign * Enrolment: Added certificate saving to keysas-sign * Fixe of save function in keysas-sign * WIP - Addition of certificate validation in PKI * Keysas-admin: added station enrolment * Implementation of station enrolment in admin * Fix generate signing keys in station * Fix Rdn generation * General code cleanup * Addition of tauri dist directory * File signing: keysas-sign code cleanup and doc * File signing: added tests and doc * Cleaning up the code * Add SDPX headers + remove feature * Format * Validate hybrid signature from certs * oqs: use only dilithium feature * Remove minisign crate * Feature became stable * Add usb signing functions * Remove tauri plugin store * Add libs for signing device * Start modifying keysas-admin to locally sign usb devices * Fix overflowing serial number * Bump version to 0.2.0 * Bump version to 0.2.0 * Serial are now arrays of 20 bytes * Update deps + improve pki creation * Add USB device hybrid signing functionnality * Add delete keysas station function * Display the PKI information: - Add Serialize to CertificateField; - UX improvement. * Update home + improve UX * Add Revoke USB device * Add check for PKI password length * Rename few componants * Bump version * Check that country is < 2 chars long * Bump version * Improve UX * Improve HELP for adding a station * Rename componant AddForm into AddStation * Fox is_alive to be async * Update comments * Remove std features for oqs * Remove pretty format for digest computation * Windows: Initial commit for the driver * Added simple communication between driver and app * Windows: restructured project * Separation of the user space app in a daemon with admin level and GUI * Separation of the driver in smaller modules * Started the addition of context support in the driver * Improved the communication between the driver and the daemon * Improved context management * Implemented file validation by the user * Improved list of create call filtered * Started file validation * Run analysis on driver and initialized tray app * Continued file verification * Validated file reports * Added first window to tray app * Cleaned driver and service code * Update windows GUI * Fixed dalek version * Update keysas-lib dependencies versions * Renamed USB firewall folder * Fix function signatures + tests * BEGIN: Fixing frontend for reading reports * Fix bind_and_sign() tests and set the signature optional if keys are not found * Fix const paths bugs * handle ws upgrade * handle ws upgrade * Fix paths for PKI creation * Update some logs + stay async as much as possible * Fix GNU/Linux paths for key generation * Fix stations online status * UX: color update on homepage + remove useless method * Set some functions in async mode * Print some feedback to final user while creating a new PKI * Clear the password as soon as used * Downgrade time crate to match tauri pinning :( * Update deprecated method add to insert * Add tests file * Import mod tests * Add new empty arg to match signature * Add dev-dependencies + update yara * Downgrade logger crate to match tauri pinning :( * Change const paths for windows * Bump tungstenite crate * Tests fix (#25) * Fix bind_and_sign() tests and set the signature optional if keys are not found * Fix const paths bugs * handle ws upgrade * handle ws upgrade * Fix paths for PKI creation * Update some logs + stay async as much as possible * Fix GNU/Linux paths for key generation * Fix stations online status * UX: color update on homepage + remove useless method * Set some functions in async mode * Print some feedback to final user while creating a new PKI * Clear the password as soon as used * Downgrade time crate to match tauri pinning :( * Update deprecated method add to insert * Add tests file * Import mod tests * Add new empty arg to match signature * Add dev-dependencies + update yara * Downgrade logger crate to match tauri pinning :( * Change const paths for windows * Bump tungstenite crate * Bump criterion * Update windows pzaths and clean useless fn * cargo fmt * Add delete PKI functionnality * Handle errors when cannot parse signature * Install sudoers config for keysas-admin * Update install/uninstall scripts with sudoers config * Restart keysas instead of keysas-out (socket broken) * Remove useless import * remove old diode paths * Fix some clippy warnings * Update log message * Add base64 + bump some crates * Get the signature size and decode both signatures * Add some debug logs * Bump simple logger crate * Clean up useless fn * Fix: remove unwanted b64 decode * Handle bad password error in UX * Update installation process for Tauri * UX: add some verbosity for admin * Update readme * Remove std feature for Windows * Rename component to keysas * Update dependencies * Rename component to keysas in App * Start rewriting wizard-fr * Temporary removing rejected files * Update Help/Quick start procedure * Update id tag * Add const for paths and update ip parsing * Fix ipaddr for eth|enp style * Remove useless comment * Fix install/uninstall binaries * Fix install/uninstall binaries: restart clamd * Switch to Bookworm install * Fix install of sudo rules * Update rust.yml - Freeze toolchain for loopdev * Temporary patching devloop til the next release * Switch back to nightly toolchain * Update README with nightly toolchain installation * Bump ubuntu pkg to libyara9 * Removing workflow for now: Ubuntu kinetic not supported * Removing workflow for now: Ubuntu kinetic not supported * Error handling for new Dilithium5 signature * Bugfix in install * Update mode to dev * Update error msg for websocket * Better error handling * Add seccomp sandbox for keysas-in * Add seccomp sandbox for keysas-in into main * Add seccomp sandbox for keysas-transit * Cargo format * Add seccomp to keysas-out + fix anyhow::Result * Trying to avoid links * Catch active keyword for regex daemon status * First patch for aarch64 syscallz * Set unlink only for x86_64 * dup3 is called on aarch64 instead of dup2 * Add missing syscall for keysas-out * Add seccomp architectures supported * Allow forgetting reference * Move landlock functions into sandbox.rs * Fix clippy warnings * Fix more clippy warnings * Remove useless options * Ignore compiled documentation directory * WIP: update user documentation * WIP: update user documentation * WIP: update user documentation * WIP: update user documentation * WIP: update user documentation * WIP: update user documentation * WIP: update user documentation * WIP: update user documentation * WIP: update user documentation * Improve README clarity * Update documentation: fix typo * Hide load PKI as it is not implemented yet * Rm useless picture * Rm useless pictures * Updated Keysas logo * Updated logo in doc * Add resolver version 2 --------- Co-authored-by: lb-anssi <[email protected]> Co-authored-by: lb-anssi <[email protected]> * Added README to firewall folder * Added file context ID tracking - Added an ID per file based on the hash of the file path - Added exchange of ID between driver, daemon and tray app - Refactored code in daemon to separate control logic from interfaces * Added authorization change from tray app - Redefined API between minifilter, daemon and app * Added write operation filtering * Added file authorization toggle in app * Added CA certificate use in daemon * USBFilter added PNP processing and device ID query * Added documentation and corrected typos --------- Co-authored-by: r3dlight <[email protected]> * Update url * Fix some typo + styling * Bump version to 2.1 * Specifying the support for Debian 12 only * Added contribution guidelines * Remove useless files * Fix landlock path for yara rules * Be more verbose about Landlock yara path * Update dependencies + set production mode * Bump version to 2.1 * Start implementing PKI restoration * Bump packages version * Check root certificates and station certificate signatures * Check root certificates and station certificate signatures * Bump ed25519-dalek to 2.x series * Fix some rustc + clippy warnings * Update lints for private_in_public changes * Bump keysas-admin dependencies * Bump keysas-backend dependencies * Bump nix crate * Bump global Keysas version * Bump ssh-rs to latest version * Fix timeout duration + Bump ed25519 version * Rename keysas-udev to keysas-io * Force ssh-rs version to prevent fallback to 0.3.2 * Temporary patch ed25519-dalek for signature crate conflict * Bump ed25519-dalek to v2 * Add current user to plugdev group * Bump yara crate * Bump tempfile and flexi_logger * House keeping: remove comments * Remove useless crate * Bump yubico-manager with custom updated version * Fix udev configuration related documentation * Add keysas user creation/deletion when not using pre-built Debian image * Fix udev configuration related documentation * Remove prehashed to verify signatures * Bugfix: use ca to verify signatures + force strict verification * Force strict signature verification * Remove prehashed to verify signatures * Remove prehashed to verify signatures + use strict signature verifications * Add test_save_and_load_hybrid_signature test * Bugfix: use ca to verify signatures for Dilithium * Cleaning up println * Add application verification test for Dilithium * Remove false comment in fn * Bump tempfile crate * Update check_restore_pki signature + async * Be more verbose while verifying signatures * Add check_restore_pki fonction * Add more comments forfunction cjeck_restore_pki * Bump npm dependencies * Bump dependencies * Add uded rule + group instructions * Bump ssh-rs * Bump npm dependencies + show keysas reports * Fix typos in readme * Add source env for rustup * Fix private_bounds pragma * Fix home install for keysas * Remove private-interface pragma * Fix ascii art * Update wizard fr * Fix typo in wizard fr * Bump version to 2.2 * Add clock_gettime syscall * Ignore .filepart as requested by a user * Typo fix * Revert .filepart ignoring and add this feature to a dedicated branch * Bump userdoc to v2.2 * Add mkfs instructions * Ignore unsupported operations by miri * Improve UX in home page * Housekeeping + UX * Housekeeping + UX * UX and design improvement * UX and design improvement * Fix uncorrect/misleading comment * Bump syscallz and landlock crates * Update default method but stay on ABI V2 for now * landlock: restrict sas_in directory with ReadFile, RemoveFile and RemoveDir * Landlock: Add ReadDir attr to be able to read the dir content * Landlock: Remove wrong comment on ABI version * Fix Landlock RO + unlink sas_in + UX (#50) * Fix clippy warning for String * Update dependencies * Bump dependencies * Bump dependencies * Remove / update error module * Bump version to v2.3 * Update UX * Update SDPX headers * Fix missing variable in flush() * Firewall: addition of installer for minifilter (#51) * USB Filter: add USB filter in add event * Added USB descriptor query * USB Firewall: started installer setup * USB Filter: improved usb device inspection * Created installer for windows daemon and filter * Created installer with Innosetup * Rename minifilter project * Started preparation for Linux port * Applied Clippy and cargo fmt * Keysas Service: added taury app to installer * Firewall: improved readmes * Bump various crates * Set compat level for Landlock * Print json report to logs * Add non camel case types * Remove update headers * Remove patch & switch to ed25519-dalek v2.1 * Update SDPX * Update npm dependencies * Update installation dependencies * Add Todo list * Update release and changlog * Bump Tauri dependencies * Bump regex crate * Bump dependencies * Update documentation about StreamMaxLength * Update documentation for udev and keysas-admin * Bump dependencies * npm update and audit fix * Fix clippy warnings * Remove loopdev patch * Remove dead code + allow non camel case types * Add truncate open to true * Bump dependencies * Fix clippy warnings * Update link to download on github * Bump npm dependencies * Update EN translation on AppWizard-en.vue & fix typo on AppWizard-fr.vue * Bump dependencies * Bump simple_logger * Bump dependencies + change pubkey for keysas-admin * Remove tarpaulin for warnings * Remove duplicated attributes * Bump user documentation version * Bump version in about view --------- Co-authored-by: Luc <[email protected]> Co-authored-by: lb-anssi <[email protected]>
r3dlight
added a commit
that referenced
this pull request
Aug 12, 2024
* Keysas v2.4 (#64) * Display the PKI information: - Add Serialize to CertificateField; - UX improvement. * Update home + improve UX * Add Revoke USB device * Add check for PKI password length * Rename few componants * Bump version * Check that country is < 2 chars long * Bump version * Improve UX * Improve HELP for adding a station * Rename componant AddForm into AddStation * Fox is_alive to be async * Update comments * Remove std features for oqs * Remove pretty format for digest computation * Windows: Initial commit for the driver * Added simple communication between driver and app * Windows: restructured project * Separation of the user space app in a daemon with admin level and GUI * Separation of the driver in smaller modules * Started the addition of context support in the driver * Improved the communication between the driver and the daemon * Improved context management * Implemented file validation by the user * Improved list of create call filtered * Started file validation * Run analysis on driver and initialized tray app * Continued file verification * Validated file reports * Added first window to tray app * Cleaned driver and service code * Update windows GUI * Fixed dalek version * Update keysas-lib dependencies versions * Renamed USB firewall folder * Fix function signatures + tests * BEGIN: Fixing frontend for reading reports * Fix bind_and_sign() tests and set the signature optional if keys are not found * Fix const paths bugs * handle ws upgrade * handle ws upgrade * Fix paths for PKI creation * Update some logs + stay async as much as possible * Fix GNU/Linux paths for key generation * Fix stations online status * UX: color update on homepage + remove useless method * Set some functions in async mode * Print some feedback to final user while creating a new PKI * Clear the password as soon as used * Downgrade time crate to match tauri pinning :( * Update deprecated method add to insert * Add tests file * Import mod tests * Add new empty arg to match signature * Add dev-dependencies + update yara * Downgrade logger crate to match tauri pinning :( * Change const paths for windows * Bump tungstenite crate * Tests fix (#25) * Fix bind_and_sign() tests and set the signature optional if keys are not found * Fix const paths bugs * handle ws upgrade * handle ws upgrade * Fix paths for PKI creation * Update some logs + stay async as much as possible * Fix GNU/Linux paths for key generation * Fix stations online status * UX: color update on homepage + remove useless method * Set some functions in async mode * Print some feedback to final user while creating a new PKI * Clear the password as soon as used * Downgrade time crate to match tauri pinning :( * Update deprecated method add to insert * Add tests file * Import mod tests * Add new empty arg to match signature * Add dev-dependencies + update yara * Downgrade logger crate to match tauri pinning :( * Change const paths for windows * Bump tungstenite crate * Bump criterion * Update windows pzaths and clean useless fn * cargo fmt * Add delete PKI functionnality * Handle errors when cannot parse signature * Install sudoers config for keysas-admin * Update install/uninstall scripts with sudoers config * Restart keysas instead of keysas-out (socket broken) * Remove useless import * remove old diode paths * Fix some clippy warnings * Update log message * Add base64 + bump some crates * Get the signature size and decode both signatures * Add some debug logs * Bump simple logger crate * Clean up useless fn * Fix: remove unwanted b64 decode * Handle bad password error in UX * Update installation process for Tauri * UX: add some verbosity for admin * Update readme * Remove std feature for Windows * Rename component to keysas * Update dependencies * Rename component to keysas in App * Start rewriting wizard-fr * Temporary removing rejected files * Update Help/Quick start procedure * Update id tag * Add const for paths and update ip parsing * Fix ipaddr for eth|enp style * Remove useless comment * Fix install/uninstall binaries * Fix install/uninstall binaries: restart clamd * Switch to Bookworm install * Fix install of sudo rules * Update rust.yml - Freeze toolchain for loopdev * Temporary patching devloop til the next release * Switch back to nightly toolchain * Update README with nightly toolchain installation * Bump ubuntu pkg to libyara9 * Removing workflow for now: Ubuntu kinetic not supported * Removing workflow for now: Ubuntu kinetic not supported * Error handling for new Dilithium5 signature * Bugfix in install * Update mode to dev * Update error msg for websocket * Better error handling * Add seccomp sandbox for keysas-in * Add seccomp sandbox for keysas-in into main * Add seccomp sandbox for keysas-transit * Cargo format * Add seccomp to keysas-out + fix anyhow::Result * Trying to avoid links * Catch active keyword for regex daemon status * First patch for aarch64 syscallz * Set unlink only for x86_64 * dup3 is called on aarch64 instead of dup2 * Add missing syscall for keysas-out * Add seccomp architectures supported * Allow forgetting reference * Move landlock functions into sandbox.rs * Fix clippy warnings * Fix more clippy warnings * Remove useless options * Ignore compiled documentation directory * WIP: update user documentation * WIP: update user documentation * WIP: update user documentation * WIP: update user documentation * WIP: update user documentation * WIP: update user documentation * WIP: update user documentation * WIP: update user documentation * WIP: update user documentation * Improve README clarity * Update documentation: fix typo * Hide load PKI as it is not implemented yet * Rm useless picture * Rm useless pictures * Updated Keysas logo * Updated logo in doc * Add resolver version 2 * Remove old bindmount for unexistant home directory * Dev windows firewall (#36) * Rebase windows branch on Develop * Addition of library for IPC * Addition of driver for USB device filtering * Fixed mailslot from HMI to daemon * Release v2.0 (#32) * Improved cert generation from csr * Documentation addition * Propagated API change to admin * X509: PKI code refactoring (clippy, doc) PKI refactoring Clippy improvements * Addition of hybrid keypair loading * Passed cargo fmt * X509: Fix Github CI workflow Update rust.yml (#18) Fixed github workflow Github CI: added libsoup Github CI: changed libsoup version Github worflow: fixed typo in dependencies Github workflow: added javascript dependency Github workflow: added webkit dependency * X509: fix keysas-out use of PKI * Enrolment: Generate private keys on the station * Rework of private key generation in keysas-sign to use the utility functions in the PKI crate. * Added oqs initialisation to all function in PKI crate * Cleanup cargo manifest in keysas-sign * Enrolment: Added certificate saving to keysas-sign * Fixe of save function in keysas-sign * WIP - Addition of certificate validation in PKI * Keysas-admin: added station enrolment * Implementation of station enrolment in admin * Fix generate signing keys in station * Fix Rdn generation * General code cleanup * Addition of tauri dist directory * File signing: keysas-sign code cleanup and doc * File signing: added tests and doc * Cleaning up the code * Add SDPX headers + remove feature * Format * Validate hybrid signature from certs * oqs: use only dilithium feature * Remove minisign crate * Feature became stable * Add usb signing functions * Remove tauri plugin store * Add libs for signing device * Start modifying keysas-admin to locally sign usb devices * Fix overflowing serial number * Bump version to 0.2.0 * Bump version to 0.2.0 * Serial are now arrays of 20 bytes * Update deps + improve pki creation * Add USB device hybrid signing functionnality * Add delete keysas station function * Display the PKI information: - Add Serialize to CertificateField; - UX improvement. * Update home + improve UX * Add Revoke USB device * Add check for PKI password length * Rename few componants * Bump version * Check that country is < 2 chars long * Bump version * Improve UX * Improve HELP for adding a station * Rename componant AddForm into AddStation * Fox is_alive to be async * Update comments * Remove std features for oqs * Remove pretty format for digest computation * Windows: Initial commit for the driver * Added simple communication between driver and app * Windows: restructured project * Separation of the user space app in a daemon with admin level and GUI * Separation of the driver in smaller modules * Started the addition of context support in the driver * Improved the communication between the driver and the daemon * Improved context management * Implemented file validation by the user * Improved list of create call filtered * Started file validation * Run analysis on driver and initialized tray app * Continued file verification * Validated file reports * Added first window to tray app * Cleaned driver and service code * Update windows GUI * Fixed dalek version * Update keysas-lib dependencies versions * Renamed USB firewall folder * Fix function signatures + tests * BEGIN: Fixing frontend for reading reports * Fix bind_and_sign() tests and set the signature optional if keys are not found * Fix const paths bugs * handle ws upgrade * handle ws upgrade * Fix paths for PKI creation * Update some logs + stay async as much as possible * Fix GNU/Linux paths for key generation * Fix stations online status * UX: color update on homepage + remove useless method * Set some functions in async mode * Print some feedback to final user while creating a new PKI * Clear the password as soon as used * Downgrade time crate to match tauri pinning :( * Update deprecated method add to insert * Add tests file * Import mod tests * Add new empty arg to match signature * Add dev-dependencies + update yara * Downgrade logger crate to match tauri pinning :( * Change const paths for windows * Bump tungstenite crate * Tests fix (#25) * Fix bind_and_sign() tests and set the signature optional if keys are not found * Fix const paths bugs * handle ws upgrade * handle ws upgrade * Fix paths for PKI creation * Update some logs + stay async as much as possible * Fix GNU/Linux paths for key generation * Fix stations online status * UX: color update on homepage + remove useless method * Set some functions in async mode * Print some feedback to final user while creating a new PKI * Clear the password as soon as used * Downgrade time crate to match tauri pinning :( * Update deprecated method add to insert * Add tests file * Import mod tests * Add new empty arg to match signature * Add dev-dependencies + update yara * Downgrade logger crate to match tauri pinning :( * Change const paths for windows * Bump tungstenite crate * Bump criterion * Update windows pzaths and clean useless fn * cargo fmt * Add delete PKI functionnality * Handle errors when cannot parse signature * Install sudoers config for keysas-admin * Update install/uninstall scripts with sudoers config * Restart keysas instead of keysas-out (socket broken) * Remove useless import * remove old diode paths * Fix some clippy warnings * Update log message * Add base64 + bump some crates * Get the signature size and decode both signatures * Add some debug logs * Bump simple logger crate * Clean up useless fn * Fix: remove unwanted b64 decode * Handle bad password error in UX * Update installation process for Tauri * UX: add some verbosity for admin * Update readme * Remove std feature for Windows * Rename component to keysas * Update dependencies * Rename component to keysas in App * Start rewriting wizard-fr * Temporary removing rejected files * Update Help/Quick start procedure * Update id tag * Add const for paths and update ip parsing * Fix ipaddr for eth|enp style * Remove useless comment * Fix install/uninstall binaries * Fix install/uninstall binaries: restart clamd * Switch to Bookworm install * Fix install of sudo rules * Update rust.yml - Freeze toolchain for loopdev * Temporary patching devloop til the next release * Switch back to nightly toolchain * Update README with nightly toolchain installation * Bump ubuntu pkg to libyara9 * Removing workflow for now: Ubuntu kinetic not supported * Removing workflow for now: Ubuntu kinetic not supported * Error handling for new Dilithium5 signature * Bugfix in install * Update mode to dev * Update error msg for websocket * Better error handling * Add seccomp sandbox for keysas-in * Add seccomp sandbox for keysas-in into main * Add seccomp sandbox for keysas-transit * Cargo format * Add seccomp to keysas-out + fix anyhow::Result * Trying to avoid links * Catch active keyword for regex daemon status * First patch for aarch64 syscallz * Set unlink only for x86_64 * dup3 is called on aarch64 instead of dup2 * Add missing syscall for keysas-out * Add seccomp architectures supported * Allow forgetting reference * Move landlock functions into sandbox.rs * Fix clippy warnings * Fix more clippy warnings * Remove useless options * Ignore compiled documentation directory * WIP: update user documentation * WIP: update user documentation * WIP: update user documentation * WIP: update user documentation * WIP: update user documentation * WIP: update user documentation * WIP: update user documentation * WIP: update user documentation * WIP: update user documentation * Improve README clarity * Update documentation: fix typo * Hide load PKI as it is not implemented yet * Rm useless picture * Rm useless pictures * Updated Keysas logo * Updated logo in doc --------- Co-authored-by: lb-anssi <[email protected]> Co-authored-by: lb-anssi <[email protected]> * Force resolver (#33) * Improved cert generation from csr * Documentation addition * Propagated API change to admin * X509: PKI code refactoring (clippy, doc) PKI refactoring Clippy improvements * Addition of hybrid keypair loading * Passed cargo fmt * X509: Fix Github CI workflow Update rust.yml (#18) Fixed github workflow Github CI: added libsoup Github CI: changed libsoup version Github worflow: fixed typo in dependencies Github workflow: added javascript dependency Github workflow: added webkit dependency * X509: fix keysas-out use of PKI * Enrolment: Generate private keys on the station * Rework of private key generation in keysas-sign to use the utility functions in the PKI crate. * Added oqs initialisation to all function in PKI crate * Cleanup cargo manifest in keysas-sign * Enrolment: Added certificate saving to keysas-sign * Fixe of save function in keysas-sign * WIP - Addition of certificate validation in PKI * Keysas-admin: added station enrolment * Implementation of station enrolment in admin * Fix generate signing keys in station * Fix Rdn generation * General code cleanup * Addition of tauri dist directory * File signing: keysas-sign code cleanup and doc * File signing: added tests and doc * Cleaning up the code * Add SDPX headers + remove feature * Format * Validate hybrid signature from certs * oqs: use only dilithium feature * Remove minisign crate * Feature became stable * Add usb signing functions * Remove tauri plugin store * Add libs for signing device * Start modifying keysas-admin to locally sign usb devices * Fix overflowing serial number * Bump version to 0.2.0 * Bump version to 0.2.0 * Serial are now arrays of 20 bytes * Update deps + improve pki creation * Add USB device hybrid signing functionnality * Add delete keysas station function * Display the PKI information: - Add Serialize to CertificateField; - UX improvement. * Update home + improve UX * Add Revoke USB device * Add check for PKI password length * Rename few componants * Bump version * Check that country is < 2 chars long * Bump version * Improve UX * Improve HELP for adding a station * Rename componant AddForm into AddStation * Fox is_alive to be async * Update comments * Remove std features for oqs * Remove pretty format for digest computation * Windows: Initial commit for the driver * Added simple communication between driver and app * Windows: restructured project * Separation of the user space app in a daemon with admin level and GUI * Separation of the driver in smaller modules * Started the addition of context support in the driver * Improved the communication between the driver and the daemon * Improved context management * Implemented file validation by the user * Improved list of create call filtered * Started file validation * Run analysis on driver and initialized tray app * Continued file verification * Validated file reports * Added first window to tray app * Cleaned driver and service code * Update windows GUI * Fixed dalek version * Update keysas-lib dependencies versions * Renamed USB firewall folder * Fix function signatures + tests * BEGIN: Fixing frontend for reading reports * Fix bind_and_sign() tests and set the signature optional if keys are not found * Fix const paths bugs * handle ws upgrade * handle ws upgrade * Fix paths for PKI creation * Update some logs + stay async as much as possible * Fix GNU/Linux paths for key generation * Fix stations online status * UX: color update on homepage + remove useless method * Set some functions in async mode * Print some feedback to final user while creating a new PKI * Clear the password as soon as used * Downgrade time crate to match tauri pinning :( * Update deprecated method add to insert * Add tests file * Import mod tests * Add new empty arg to match signature * Add dev-dependencies + update yara * Downgrade logger crate to match tauri pinning :( * Change const paths for windows * Bump tungstenite crate * Tests fix (#25) * Fix bind_and_sign() tests and set the signature optional if keys are not found * Fix const paths bugs * handle ws upgrade * handle ws upgrade * Fix paths for PKI creation * Update some logs + stay async as much as possible * Fix GNU/Linux paths for key generation * Fix stations online status * UX: color update on homepage + remove useless method * Set some functions in async mode * Print some feedback to final user while creating a new PKI * Clear the password as soon as used * Downgrade time crate to match tauri pinning :( * Update deprecated method add to insert * Add tests file * Import mod tests * Add new empty arg to match signature * Add dev-dependencies + update yara * Downgrade logger crate to match tauri pinning :( * Change const paths for windows * Bump tungstenite crate * Bump criterion * Update windows pzaths and clean useless fn * cargo fmt * Add delete PKI functionnality * Handle errors when cannot parse signature * Install sudoers config for keysas-admin * Update install/uninstall scripts with sudoers config * Restart keysas instead of keysas-out (socket broken) * Remove useless import * remove old diode paths * Fix some clippy warnings * Update log message * Add base64 + bump some crates * Get the signature size and decode both signatures * Add some debug logs * Bump simple logger crate * Clean up useless fn * Fix: remove unwanted b64 decode * Handle bad password error in UX * Update installation process for Tauri * UX: add some verbosity for admin * Update readme * Remove std feature for Windows * Rename component to keysas * Update dependencies * Rename component to keysas in App * Start rewriting wizard-fr * Temporary removing rejected files * Update Help/Quick start procedure * Update id tag * Add const for paths and update ip parsing * Fix ipaddr for eth|enp style * Remove useless comment * Fix install/uninstall binaries * Fix install/uninstall binaries: restart clamd * Switch to Bookworm install * Fix install of sudo rules * Update rust.yml - Freeze toolchain for loopdev * Temporary patching devloop til the next release * Switch back to nightly toolchain * Update README with nightly toolchain installation * Bump ubuntu pkg to libyara9 * Removing workflow for now: Ubuntu kinetic not supported * Removing workflow for now: Ubuntu kinetic not supported * Error handling for new Dilithium5 signature * Bugfix in install * Update mode to dev * Update error msg for websocket * Better error handling * Add seccomp sandbox for keysas-in * Add seccomp sandbox for keysas-in into main * Add seccomp sandbox for keysas-transit * Cargo format * Add seccomp to keysas-out + fix anyhow::Result * Trying to avoid links * Catch active keyword for regex daemon status * First patch for aarch64 syscallz * Set unlink only for x86_64 * dup3 is called on aarch64 instead of dup2 * Add missing syscall for keysas-out * Add seccomp architectures supported * Allow forgetting reference * Move landlock functions into sandbox.rs * Fix clippy warnings * Fix more clippy warnings * Remove useless options * Ignore compiled documentation directory * WIP: update user documentation * WIP: update user documentation * WIP: update user documentation * WIP: update user documentation * WIP: update user documentation * WIP: update user documentation * WIP: update user documentation * WIP: update user documentation * WIP: update user documentation * Improve README clarity * Update documentation: fix typo * Hide load PKI as it is not implemented yet * Rm useless picture * Rm useless pictures * Updated Keysas logo * Updated logo in doc * Add resolver version 2 --------- Co-authored-by: lb-anssi <[email protected]> Co-authored-by: lb-anssi <[email protected]> * Added README to firewall folder * Added file context ID tracking - Added an ID per file based on the hash of the file path - Added exchange of ID between driver, daemon and tray app - Refactored code in daemon to separate control logic from interfaces * Added authorization change from tray app - Redefined API between minifilter, daemon and app * Added write operation filtering * Added file authorization toggle in app * Added CA certificate use in daemon * USBFilter added PNP processing and device ID query * Added documentation and corrected typos --------- Co-authored-by: r3dlight <[email protected]> * Update url * Fix some typo + styling * Bump version to 2.1 * Specifying the support for Debian 12 only * Added contribution guidelines * Remove useless files * Fix landlock path for yara rules * Be more verbose about Landlock yara path * Update dependencies + set production mode * Bump version to 2.1 * Start implementing PKI restoration * Bump packages version * Check root certificates and station certificate signatures * Check root certificates and station certificate signatures * Bump ed25519-dalek to 2.x series * Fix some rustc + clippy warnings * Update lints for private_in_public changes * Bump keysas-admin dependencies * Bump keysas-backend dependencies * Bump nix crate * Bump global Keysas version * Bump ssh-rs to latest version * Fix timeout duration + Bump ed25519 version * Rename keysas-udev to keysas-io * Force ssh-rs version to prevent fallback to 0.3.2 * Temporary patch ed25519-dalek for signature crate conflict * Bump ed25519-dalek to v2 * Add current user to plugdev group * Bump yara crate * Bump tempfile and flexi_logger * House keeping: remove comments * Remove useless crate * Bump yubico-manager with custom updated version * Fix udev configuration related documentation * Add keysas user creation/deletion when not using pre-built Debian image * Fix udev configuration related documentation * Remove prehashed to verify signatures * Bugfix: use ca to verify signatures + force strict verification * Force strict signature verification * Remove prehashed to verify signatures * Remove prehashed to verify signatures + use strict signature verifications * Add test_save_and_load_hybrid_signature test * Bugfix: use ca to verify signatures for Dilithium * Cleaning up println * Add application verification test for Dilithium * Remove false comment in fn * Bump tempfile crate * Update check_restore_pki signature + async * Be more verbose while verifying signatures * Add check_restore_pki fonction * Add more comments forfunction cjeck_restore_pki * Bump npm dependencies * Bump dependencies * Add uded rule + group instructions * Bump ssh-rs * Bump npm dependencies + show keysas reports * Fix typos in readme * Add source env for rustup * Fix private_bounds pragma * Fix home install for keysas * Remove private-interface pragma * Fix ascii art * Update wizard fr * Fix typo in wizard fr * Bump version to 2.2 * Add clock_gettime syscall * Ignore .filepart as requested by a user * Typo fix * Revert .filepart ignoring and add this feature to a dedicated branch * Bump userdoc to v2.2 * Add mkfs instructions * Ignore unsupported operations by miri * Improve UX in home page * Housekeeping + UX * Housekeeping + UX * UX and design improvement * UX and design improvement * Fix uncorrect/misleading comment * Bump syscallz and landlock crates * Update default method but stay on ABI V2 for now * landlock: restrict sas_in directory with ReadFile, RemoveFile and RemoveDir * Landlock: Add ReadDir attr to be able to read the dir content * Landlock: Remove wrong comment on ABI version * Fix Landlock RO + unlink sas_in + UX (#50) * Fix clippy warning for String * Update dependencies * Bump dependencies * Bump dependencies * Remove / update error module * Bump version to v2.3 * Update UX * Update SDPX headers * Fix missing variable in flush() * Firewall: addition of installer for minifilter (#51) * USB Filter: add USB filter in add event * Added USB descriptor query * USB Firewall: started installer setup * USB Filter: improved usb device inspection * Created installer for windows daemon and filter * Created installer with Innosetup * Rename minifilter project * Started preparation for Linux port * Applied Clippy and cargo fmt * Keysas Service: added taury app to installer * Firewall: improved readmes * Bump various crates * Set compat level for Landlock * Print json report to logs * Add non camel case types * Remove update headers * Remove patch & switch to ed25519-dalek v2.1 * Update SDPX * Update npm dependencies * Update installation dependencies * Add Todo list * Update release and changlog * Bump Tauri dependencies * Bump regex crate * Bump dependencies * Update documentation about StreamMaxLength * Update documentation for udev and keysas-admin * Bump dependencies * npm update and audit fix * Fix clippy warnings * Remove loopdev patch * Remove dead code + allow non camel case types * Add truncate open to true * Bump dependencies * Fix clippy warnings * Update link to download on github * Bump npm dependencies * Update EN translation on AppWizard-en.vue & fix typo on AppWizard-fr.vue * Bump dependencies * Bump simple_logger * Bump dependencies + change pubkey for keysas-admin * Remove tarpaulin for warnings * Remove duplicated attributes * Bump user documentation version * Bump version in about view --------- Co-authored-by: Luc <[email protected]> Co-authored-by: lb-anssi <[email protected]> * Update administration.rst Change the URL from https://www.ssi.gouv.fr/en/guide/configuration-recommendations-of-a-gnulinux-system/ to https://cyber.gouv.fr/en/publications/configuration-recommendations-gnulinux-system --------- Co-authored-by: sn-anssi <[email protected]> Co-authored-by: Luc <[email protected]> Co-authored-by: lb-anssi <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
No description provided.